High Severity

Security Bulletin: OpenSSL for IBM i is vulnerable to arbitrary command execution (CVE-2022-2068)


OpenSSL is vulnerable to arbitrary command execution due to improper validation of input by the c_rehash script, as described in the vulnerability details section. IBM i has addressed the vulnerability in OpenSSL with a fix, as described in the remediation/fixes section.

CVE(s): CVE-2022-2068

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
IBM i                  7.5
IBM i                  7.4
IBM i                  7.3
IBM i                  7.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6607559
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226018
