Medium Severity

Security Bulletin: This Power System update is being released to address CVE-2022-22309

POWER8/POWER9: The POWER systems FSP is vulnerable to unauthenticated logins through the physical serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-LAN device, since that makes the serial console reachable over the network. In response to this security issue, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2022-22309.

CVE(s): CVE-2022-22309

Affected product(s) and affected version(s):

Firmware releases FW860, FW940 and FW950 are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6589099
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217095
