Severity
Medium
Analysis Summary
CVE-2020-4925
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests.
CVE-2021-38955
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands
CVE-2021-38986
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2022-22321
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection.
Impact
- Denial of Service
- Information Disclosure
- Unauthorized Access
Indicators of Compromise
CVE
- CVE-2020-4925
- CVE-2021-38955
- CVE-2021-38986
- CVE-2022-22321
Affected Vendors
IBM
Affected Products
- IBM Spectrum Scale 5.0
- IBM Spectrum Scale 5.1
- IBM AIX 7.1
- IBM AIX 7.2
- IBM VIOS 3.1
- IBM AIX 7.3
- IBM MQ Appliance 9.2 LTS
- IBM MQ Appliance 9.2 CD
Remediation
Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.
CVE-2020-4925
https://www.ibm.com/support/pages/node/6560094
CVE-2021-38955
https://www.ibm.com/support/pages/node/6560236
CVE-2021-38986
https://www.ibm.com/support/pages/node/6560032
CVE-2022-22321