What is the severity of CVE-2022-22488?

The severity of CVE-2022-22488 is classified as medium, as it allows a denial of service for privileged users.

How do I fix CVE-2022-22488?

To fix CVE-2022-22488, update the IBM OpenBMC OP910 and OP940 to the latest firmware that addresses the vulnerability.

Who is affected by CVE-2022-22488?

CVE-2022-22488 affects IBM OpenBMC OP910 and OP940 users, along with specific IBM Power System AC922 firmware versions.

What risk does CVE-2022-22488 pose?

CVE-2022-22488 poses a risk of denial of service due to excessive uploading or deleting of CA certificates by privileged users.

Is CVE-2022-22488 an exploit or a vulnerability?

CVE-2022-22488 is a vulnerability that could be exploited by privileged users to cause a denial of service.

Vulnerability/
CVE-2022-22488

medium

4.9

CWE

770

17/11/2022

18/11/2022

3/8/2024

CVE-2022-22488: IBM OpenBMC denial of service

First published: Thu Nov 17 2022(Updated: )

IBM BMC could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
openbmc-project OpenBMC	<=OP910
openbmc-project OpenBMC	<=OP940
IBM Power System AC922 (8335-GTG) Firmware	>=op910<=op910.70
IBM Power System AC922 (8335-GTG)
IBM Power System AC922 (8335-GTH) Firmware	>=op940<=op940.40
IBM Power System AC922 (8335-GTH)
IBM Power System AC922 (8335-GTX) Firmware	>=op940<=op940.40
IBM Power System AC922 (8335-GTX)

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6840155

Frequently Asked Questions

What is the severity of CVE-2022-22488?
The severity of CVE-2022-22488 is classified as medium, as it allows a denial of service for privileged users.
How do I fix CVE-2022-22488?
To fix CVE-2022-22488, update the IBM OpenBMC OP910 and OP940 to the latest firmware that addresses the vulnerability.
Who is affected by CVE-2022-22488?
CVE-2022-22488 affects IBM OpenBMC OP910 and OP940 users, along with specific IBM Power System AC922 firmware versions.
What risk does CVE-2022-22488 pose?
CVE-2022-22488 poses a risk of denial of service due to excessive uploading or deleting of CA certificates by privileged users.
Is CVE-2022-22488 an exploit or a vulnerability?
CVE-2022-22488 is a vulnerability that could be exploited by privileged users to cause a denial of service.

agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/severity
agent/description
agent/event
agent/trending
agent/source
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/ibm
canonical/openbmc-project openbmc
version/openbmc-project openbmc/op910
version/openbmc-project openbmc/op940
canonical/ibm power system ac922 (8335-gtg) firmware
version/ibm power system ac922 (8335-gtg) firmware/op910
version/ibm power system ac922 (8335-gtg) firmware/op910.70
canonical/ibm power system ac922 (8335-gtg)
canonical/ibm power system ac922 (8335-gth) firmware
version/ibm power system ac922 (8335-gth) firmware/op940
version/ibm power system ac922 (8335-gth) firmware/op940.40
canonical/ibm power system ac922 (8335-gth)
canonical/ibm power system ac922 (8335-gtx) firmware
version/ibm power system ac922 (8335-gtx) firmware/op940
version/ibm power system ac922 (8335-gtx) firmware/op940.40
canonical/ibm power system ac922 (8335-gtx)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2022-22488?
The severity of CVE-2022-22488 is classified as medium, as it allows a denial of service for privileged users.
How do I fix CVE-2022-22488?
To fix CVE-2022-22488, update the IBM OpenBMC OP910 and OP940 to the latest firmware that addresses the vulnerability.
Who is affected by CVE-2022-22488?
CVE-2022-22488 affects IBM OpenBMC OP910 and OP940 users, along with specific IBM Power System AC922 firmware versions.
What risk does CVE-2022-22488 pose?
CVE-2022-22488 poses a risk of denial of service due to excessive uploading or deleting of CA certificates by privileged users.
Is CVE-2022-22488 an exploit or a vulnerability?
CVE-2022-22488 is a vulnerability that could be exploited by privileged users to cause a denial of service.