Vulnerability CVE-2022-1434

Vulnerability Name:

CVE-2022-1434 (CCN-225617)

Assigned:

2022-05-03

Published:

2022-05-03

Updated:

2023-02-14

Summary:

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2022-1434

Source: openssl-security@openssl.org
Type: UNKNOWN
openssl-security@openssl.org

Source: XF
Type: UNKNOWN
openssl-cve20221434-mitm(225617)

Source: openssl-security@openssl.org
Type: Mailing List, Patch, Vendor Advisory
openssl-security@openssl.org

Source: openssl-security@openssl.org
Type: Third Party Advisory
openssl-security@openssl.org

Source: CCN
Type: IBM Security Bulletin 6596085 (QRadar SIEM)
IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6601123 (App Connect Enterprise)
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to multiple openSSL vulnerabilities in Node.js (CVE-2022-1434, CVE-2022-1343, CVE-2022-1473)

Source: CCN
Type: IBM Security Bulletin 6602289 (Netcool/System Service Monitor)
Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Source: CCN
Type: IBM Security Bulletin 6890819 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to issues in OpenSSL (CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473 )

Source: CCN
Type: OpenSSL Security Advisory [03 May 2022]
OpenSSL Security Advisory [03 May 2022]

Source: openssl-security@openssl.org
Type: Vendor Advisory
openssl-security@openssl.org

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:openssl:openssl:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:3.0.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:netcool/system_service_monitor:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7631	P	libopenssl-3-devel-3.0.8-150500.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3625	P	Security update for openssl-3 (Important)	2022-07-06
oval:org.opensuse.security:def:95255	P	Security update for openssl-3 (Important)	2022-07-06
oval:org.opensuse.security:def:558	P	Security update for openssl-3 (Important)	2022-07-06

BACK