Medium Severity

Security Bulletin: Insecure handling of TLS certificates by IBM Spectrum Protect Plus (CVE-2022-40234)

IBM Spectrum Protect Plus incorrectly handles TLS certificates, which can result in an attacker obtaining private key information for the uploaded certificate.

CVE(s): CVE-2022-40234

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Spectrum Protect Plus | 10.1.0-10.1.11

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6619947
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/235718
