Note that if you're running SP Server on AIX 7.1, you cannot upgrade to
8.1.14.x without first upgrading the server to AIX 7.2 or 7.3 (never mind
that AIX 7.1 is still supported).
On 3/23/22 05:19, Del Hoobler wrote:
The product team advises that you upgrade to 8.1.14.100.
https://www.ibm.com/support/pages/node/6562367
For specific questions regarding the CVE that was published, please open a case
with support.
Del
________________________________
From: ADSM: Dist Stor Manager <ADSM-L@VM.MARIST.EDU> on behalf of Bjørn Nachtwey
<bjoern.nacht...@gwdg.de>
Sent: Tuesday, March 22, 2022 3:19 AM
To: ADSM-L@VM.MARIST.EDU <ADSM-L@VM.MARIST.EDU>
Subject: [EXTERNAL] Questions on CVE-2022-22394
Hi all,
IBM published the mentioned security bulletin[1], but looking at it I
have lots of questions. Maybe Del, Colin or someone else from the dev
team may have answers?
1) Does it affect ISP8.1.14-000 only or also older versions?
2) "An attacker can bypass security": so is it necessary to have a
limited admin account that extends it's privileges? Is a "node admin"
sufficient for this?
3) So if there are no admins accounts (besides for the ISP admin team):
Is a ISP server still threatened in this case?
4) Does it help if the TCPADMINPort is closed (except for the ISP admin
team)?
@IBM: Can you please provide any further information, so I (we?) can
decide how much our systems are threatened -- Thanks a lot!
best
Bjørn
[1] https://www.ibm.com/support/pages/node/6564745
--
Hello World. David Bronder - Systems Architect
Segmentation Fault ITS-EI, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm. david-bron...@uiowa.edu
