Download
Abstract
This document lists the fixes contained in IBM Cloud Pak® System Software for Power (BYOH) Version 2.3.5.
Download Description
Security vulnerabilities
IBM Cloud Pak System Version 2.3.5 includes fixes for these security vulnerabilities:
| Relevant vulnerabilities | Summary | Security Bulletin URL |
|---|---|---|
| CVE-2024-28849 | Node.js follow-redirects module information disclosure | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 | OpenSSL information disclosure, denial of service, type confusion | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-37436 | Apache HTTP Server mod_proxy response splitting | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2023-45284 | Golang Go weak security | https://www.ibm.com/support/pages/node/7159724 |
| CVE-2022-36760 | Apache HTTP Server mod_proxy_ajp HTTP request smuggling | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-43680 | libexpat denial of service | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-28615 | Apache HTTP Server ap_strcmp_match() information disclosure | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2020-11023 | CPS - Vulnerability identified in jQuery option elements cross-site scripting | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2022-31259, CVE-2008-7220 | CPS Vulnerability - Vulnerable Software In Use | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-26159 | Golang Go information disclosure | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-25690 | Apache HTTP Server request splitting | https://www.ibm.com/support/pages/node/7135903 |
| CVE-2023-39326 | NA | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2022-28614 | Apache HTTP Server ap_rwrite() information disclosure | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2023-22081, CVE-2023-22067, CVE-2023-5676 | IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 | https://www.ibm.com/support/pages/node/7148476 |
| CVE-2022-30522 | Apache HTTP Server mod_sed denial of service | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2022-31813 | Apache HTTP Server security bypass | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2020-11022 | CPS Vulnerability-Vulnerable software detected | https://www.ibm.com/support/pages/node/7140415 |
| CVE-2023-38713 | CPS Vulnerability-Software Version Numbers Revealed | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2023-38271 | CPS Vulnerability--Sensitive Information Disclosed In CPS Logs | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2022-26377 | Apache HTTP Server mod_proxy_ajp HTTP request smuggling | https://www.ibm.com/support/pages/node/7148475 |
| CVE-2023-38714 | Source code disclosure | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2023-38013 | CPS Vulnerabilities-Private IP Address Disclosed in http responses | https://www.ibm.com/support/pages/node/7159533 |
| CVE-2022-1292 | OpenSSL command execution | https://www.ibm.com/support/pages/node/7148475 |
For more information about IBM Product Security articles, see these links:
- https://www.ibm.com/support/pages/bulletin/
- https://www.ibm.com/support/pages/ibm-security-vulnerability-management
IBM Cloud Pak System Software problem fixes
The following table contains the problem fixes that are included in this release.
Optional: If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.5.
| Document | Description |
|---|---|
| DT391903 | Not able to delete VM operations using the REST API. |
| DT392405 | Not able to login to VM deployed with a cloned pattern with original pattern having saved password. |
| DT392363 | CWZIP6239E The amount of free space on the /data/www/ipas/dumps file system is critical. Older files will be deleted to provide more free space. |
Problems (APARS) fixed
Document Information
Modified date:
14 October 2024
UID
ibm17169795