Critical Severity

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

Share this post:

There are multiple vulnerabilities in Curl that affect PowerSC.

CVE(s): CVE-2022-27776, CVE-2022-27775, CVE-2022-27781, CVE-2022-27782, CVE-2022-27778, CVE-2022-27779, CVE-2022-30115, CVE-2022-27780, CVE-2022-27774, CVE-2022-22576

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
PowerSC 1.3
PowerSC 2.0
PowerSC 2.1

 

The vulnerabilities in the following filesets are being addressed:

 

Fileset Lower Level Upper Level
powerscStd.tnc_pm 1.3.0.4 2.1.0.2
curl-7.83.1-1.aix7.1.ppc.rpm 7.19.4 7.83.0

 

Note:  To find out whether the affected PowerSC filesets are installed on your systems, refer to the lslpp command found in AIX user's guide. To find out whether the affected curl filesets are installed on your systems, refer to the rpm command found in AIX user's guide.
 
Example:  lslpp -l | grep powerscStd
Example:  rpm -qa | grep curl
 
 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6823211
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225296
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225295
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226251
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226252
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226248
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226249
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226253
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226250
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225294
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225291

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in GnuPG [CVE-2022-3515 and CVE-2022-34903]

November 30, 2022 | Critical Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of GnuPG. [CVE-2022-3515 and CVE-2022-34903] This has been addressed. ...read more


Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]

November 30, 2022 | Critical Severity

Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. [CVE-2022-42889] ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Text [CVE-2022-42889]

November 30, 2022 | Critical Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Text. [CVE-2022-42889] This has been addressed. ...read more