- 240/2022
- High
IBM has released security updates to fix several vulnerabilities across multiple products.
The severity of the addressed vulnerabilities could allow the remote attacker to expose sensitive information or consume the memory resources of the affected system.
Sample of the addressed vulnerabilities :
- IBM InfoSphere Information Server external entity injection (CVE-2022- 40747)
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
- IBM WebSphere Application Server Spoofing attack (CVE-2022-38712)
- CVSS: 5.9
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Indicators of Compromise
Indicators of compromise will be shared with EG-FinCIRT’s Constituents
Vulnerabilities
- CVE-2022-38712
- CVE-2022-40747
- CVE-2022-22442
- CVE-2022-30608
- CVE-2022-0155
- CVE-2022-30615
- CVE-2022-35642
- CVE-2022-35717
- CVE-2022-40235
- CVE-2022-0536
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.