CVE-2022-22488
MEDIUMIBM Power System AC922 Firmware OP910 < OP910.70 and OP940 < OP940.40 DoS via CA Certificate Upload/Deletion
Title source: llmDescription
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/6840155
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/226337
Scores
CVSS v3
4.9
EPSS
0.0011
EPSS Percentile
29.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (3)
ibm/power_system_ac922_\(8335-gtg\)_firmware
op910 - op910.70
ibm/power_system_ac922_\(8335-gth\)_firmware
op940 - op940.40
ibm/power_system_ac922_\(8335-gtx\)_firmware
op940 - op940.40
Published
Dec 12, 2022
Tracked Since
Feb 18, 2026