Security Bulletin
Summary
OpenSSL is used by IBM Power Hardware Management Console (HMC) for cryptography toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) network protocols and related cryptography standards required by them. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading IBM Power Hardware Management Console (HMC) respective PTF and thus addressing the exposure to the openssl vulnerability.
Vulnerability Details
CVEID: CVE-2022-0778
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Affected Product(s) | Version(s) |
HMC V10.1.1010.0 | V10.1.1010.0 and later |
HMC V9.2.950.0 | V9.2.950.0 and later |
Remediation/Fixes
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
Product
|
VRMF
|
APAR
|
Remediation/Fix
|
Power HMC
|
V9.2.952.0 ppc
|
MB04331
| |
Power HMC
|
V9.2.952.0 x86
|
MB04330
| |
Power HMC
|
V10.1.1010.0 ppc
|
MB04335
| |
Power HMC
|
V10.1.1010.0 x86
|
MB04334
|
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
Change History
30 May 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
30 May 2022
UID
ibm16590851