CVE-2022-22488 - OpenCVE

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Power System Ac922 \(8335-gtg\) Power System Ac922 \(8335-gtg\) Firmware Power System Ac922 \(8335-gth\) Power System Ac922 \(8335-gth\) Firmware Power System Ac922 \(8335-gtx\) Power System Ac922 \(8335-gtx\) Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ibm:power_system_ac922_\(8335-gtg\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:power_system_ac922_\(8335-gtg\):-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:ibm:power_system_ac922_\(8335-gth\):-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:power_system_ac922_\(8335-gth\)_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:ibm:power_system_ac922_\(8335-gtx\):-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:power_system_ac922_\(8335-gtx\)_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/226337
https://www.ibm.com/support/pages/node/6840155

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-11-18T17:02:01.980Z

Updated: 2024-08-03T03:14:55.256Z

Reserved: 2022-01-03T22:29:21.008Z

Link: CVE-2022-22488

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-12T13:15:12.050

Modified: 2023-11-07T03:43:55.373

Link: CVE-2022-22488

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-22488", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-01-03T22:29:21.008Z", "datePublished": "2022-11-18T17:02:01.980Z", "dateUpdated": "2024-08-03T03:14:55.256Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenBMC", "vendor": "IBM", "versions": [{"status": "affected", "version": "OP910, OP940"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337."}], "value": "IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2022-12-12T12:11:04.548862Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6840155"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226337"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM OpenBMC denial of service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.256Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6840155"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226337"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:power_system_ac922_\\(8335-gtg\\)_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "172FDC0F-6390-4AEB-9C03-6EF0A7C6790D", "versionEndIncluding": "op910.70", "versionStartIncluding": "op910", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:power_system_ac922_\\(8335-gtg\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "281D775E-2651-4B60-A09E-29D4D8DA7E6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:power_system_ac922_\\(8335-gth\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "D95F0B5F-EFEE-4002-AB88-1DD0CE3CAC46", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:power_system_ac922_\\(8335-gth\\)_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21B913BF-FAE9-46CA-867D-34BC4C78509E", "versionEndIncluding": "op940.40", "versionStartIncluding": "op940", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:power_system_ac922_\\(8335-gtx\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "30ABEAED-DCF7-4375-A3F4-06169211229A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:power_system_ac922_\\(8335-gtx\\)_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85FA918C-09AD-4352-9271-2D270303C9B6", "versionEndIncluding": "op940.40", "versionStartIncluding": "op940", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337."}, {"lang": "es", "value": "IBM OpenBMC OP910 y OP940 podr\u00edan permitir que un usuario privilegiado provoque una Denegaci\u00f3n de Servicio (DoS) cargando o eliminando demasiados certificados de CA en un corto per\u00edodo de tiempo. ID de IBM X-Force: 2226337."}], "id": "CVE-2022-22488", "lastModified": "2023-11-07T03:43:55.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2022-12-12T13:15:12.050", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226337"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6840155"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}