Medium Severity

Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)


There are multiple vulnerabilities in AIX CAA.

CVE(s): CVE-2022-22350, CVE-2021-38996

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
AIX                    7.1
AIX                    7.2
AIX                    7.3
VIOS                   3.1

The vulnerabilities in the following filesets are being addressed:

Fileset            Lower Level    Upper Level
bos.cluster.rte    7.1.5.0        7.1.5.38
bos.cluster.rte    7.2.4.0        7.2.4.4
bos.cluster.rte    7.2.5.0        7.2.5.1
bos.cluster.rte    7.2.5.100      7.2.5.101
bos.cluster.rte    7.3.0.0        7.3.0.0

To find out whether the affected filesets are installed on your systems, refer to the lslpp command described in the AIX user's guide.

Example: lslpp -L | grep -i bos.cluster.rte
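
The command above only shows whether the fileset is installed. The following added example (not part of IBM's bulletin) compares the installed level with the affected ranges in the table above. The function names are hypothetical, and it assumes the colon-separated `lslpp -Lqc` output with the fileset in field 2 and the level in field 3.

```shell
# Affected bos.cluster.rte ranges (lower upper), copied from the bulletin's table.
AFFECTED_RANGES='7.1.5.0 7.1.5.38
7.2.4.0 7.2.4.4
7.2.5.0 7.2.5.1
7.2.5.100 7.2.5.101
7.3.0.0 7.3.0.0'

# vrmf_le A B: succeed if four-part level A <= B, comparing each part numerically
# (a string compare would wrongly sort 7.2.5.100 before 7.2.5.9).
vrmf_le() {
    echo "$1 $2" | awk '{
        split($1, a, "."); split($2, b, ".")
        for (i = 1; i <= 4; i++) {
            if (a[i] + 0 < b[i] + 0) exit 0
            if (a[i] + 0 > b[i] + 0) exit 1
        }
        exit 0
    }'
}

# is_affected LEVEL: succeed if LEVEL lies inside any listed range (inclusive).
is_affected() {
    while read -r lo hi; do
        if vrmf_le "$lo" "$1" && vrmf_le "$1" "$hi"; then
            return 0
        fi
    done <<EOF
$AFFECTED_RANGES
EOF
    return 1
}

# check_lslpp_line RECORD: classify one colon-separated `lslpp -Lqc` record.
check_lslpp_line() {
    fileset=$(echo "$1" | cut -d: -f2)
    level=$(echo "$1" | cut -d: -f3)
    [ "$fileset" = "bos.cluster.rte" ] || { echo "not-applicable"; return 0; }
    if is_affected "$level"; then echo "affected $level"
    else echo "not-in-listed-range $level"; fi
}

if command -v lslpp >/dev/null 2>&1; then
    lslpp -Lqc bos.cluster.rte 2>/dev/null | while IFS= read -r rec; do
        check_lslpp_line "$rec"
    done
else
    # Constructed sample record, used when lslpp is not available.
    check_lslpp_line 'bos.cluster:bos.cluster.rte:7.2.5.1: : :C: :Cluster Aware AIX'
fi
```

A level reported as `affected` falls inside one of the listed ranges; the source bulletin linked below remains the authority on which fix applies.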

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6560390
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/220394
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213076
