The product team advises that you upgrade to 8.1.14.100.


https://www.ibm.com/support/pages/node/6562367



For specific questions regarding the CVE that was published, please open a case 
with support.

Del
________________________________
From: ADSM: Dist Stor Manager <ADSM-L@VM.MARIST.EDU> on behalf of Bjørn 
Nachtwey <bjoern.nacht...@gwdg.de>
Sent: Tuesday, March 22, 2022 3:19 AM
To: ADSM-L@VM.MARIST.EDU <ADSM-L@VM.MARIST.EDU>
Subject: [EXTERNAL] Questions on CVE-2022-22394

Hi all,

IBM published the mentioned security bulletin[1], but looking at it I
have lots of questions. Maybe Del, Colin or someone else from the dev
team may have answers?

1) Does it affect ISP8.1.14-000 only or also older versions?
2) "An attacker can bypass security": so is it necessary to have a
limited admin account that extends its privileges? Is a "node admin"
sufficient for this?
3) So if there are no admin accounts (besides for the ISP admin team):
Is an ISP server still threatened in this case?
4) Does it help if the TCPADMINPort is closed (except for the ISP admin
team)?

@IBM: Can you please provide any further information, so I (we?) can
decide how much our systems are threatened -- Thanks a lot!

best
Bjørn

[1] https://www.ibm.com/support/pages/node/6564745

--
--------------------------------------------------------------------------------------------------
Bjørn Nachtwey

Working Group "IT Infrastructure"
Email: bjoern.nacht...@gwdg.de
--------------------------------------------------------------------------------------------------
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen (GWDG)
Burckhardtweg 4, 37077 Göttingen, URL: https://gwdg.de

Support: Tel.: +49 551 39-30000, URL: https://gwdg.de/support
Office: Tel.: +49 551 39-30001, Email: g...@gwdg.de

Managing Director: Prof. Dr. Ramin Yahyapour
Chairman of the Supervisory Board: Prof. Dr. Norbert Lossau
Registered office: Göttingen
Court of registration: Göttingen, commercial register no. B 598

Certified according to ISO 9001
--------------------------------------------------------------------------------------------------
