Low Severity

Security Bulletin: IBM i components are vulnerable to data access due to CVE-2022-22481

May 6, 2022

Share this post:

IBM Navigator for i – heritage version GUI is vulnerable to data access as described in the vulnerability details section. IBM has addressed the vulnerability for IBM Navigator for i – heritage version with a fix as described in the remediation/fixes section.

CVE(s): CVE-2022-22481

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Navigator for i (heritage version only)	IBM i 7.4, 7.3, and 7.2 (heritage version)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6583553
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225899

Low Severity

Security Bulletin: Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2022-22494)

June 29, 2022 | Low Severity

IBM Spectrum Protect Operations Center may disclosure database information in error messages sent to the user which could be used in future attacks. ...read more

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to zlib (CVE-2018-25032)

June 29, 2022 | Low Severity

There is a vulnerability in the zlib library used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable issue. ...read more

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unauthorized sensitive information access due to IBM Java (CVE-2021-35603)

June 29, 2022 | Low Severity

IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by an unauthorized sensitive information access issue in IBM Java (CVE-2021-35603). IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms has upgraded IBM Java to version 8.0.7.10 to address the issue. ...read more

Low Severity

Security Bulletin: IBM i components are vulnerable to data access due to CVE-2022-22481

Security Bulletin: Java Spring vulnerability impacts IBM Watson Knowledge Catalog in Cloud Pak for Data (CVE-2022-22965)

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable to a denial of service in Spring Framework (CVE-2022-22950)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2022-22494)

June 29, 2022 | Low Severity

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to zlib (CVE-2018-25032)

June 29, 2022 | Low Severity

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unauthorized sensitive information access due to IBM Java (CVE-2021-35603)

June 29, 2022 | Low Severity