Medium Severity

Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248) affects Power HMC

Share this post:

IBM Java is used by IBM Power Hardware Management Console (HMC) for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248 by upgrading IBM Power Hardware Management Console (HMC) respective PTF and thus addressing the exposure to the java vulnerability.

CVE(s): CVE-2022-21341 , CVE-2022-21294 , CVE-2022-21293 , CVE-2022-21248

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
HMC V10.1.1010.0 V10.1.1010.0 and later
HMC V9.2.950.0 V9.2.950.0 and later

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6590793
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217589
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217543

More stories

Security Bulletin: IBM Sterling Partner Engagement Manager vulnerable to denial of service due to Apache Shiro (CVE-2022-32532)

September 23, 2022 | Medium Severity

IBM Sterling Partner Engagement Manager uses Apache Shiro library 1.9.1, where A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. The issue has been addressed. ...read more


Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)

September 23, 2022 | Medium Severity

IBM MQ Appliance has resolved a cross-site scripting vulnerability. ...read more


Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)

September 23, 2022 | Medium Severity

AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266) due to RPM. RPM is used by AIX for package management. ...read more