Vulnerability CVE-2022-4304 - CERT Civis.Net

Vulnerability Name:

CVE-2022-4304 (CCN-246612)

Assigned:

2022-12-06

Published:

2023-02-07

Updated:

2023-07-19

Summary:

OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.9 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.3 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-4304

Source: XF
Type: UNKNOWN
openssl-cve20224304-info-disc(246612)

Source: CCN
Type: Packet Storm Security [02-08-2023]
OpenSSL Toolkit 1.1.1t

Source: CCN
Type: Packet Storm Security [02-08-2023]
OpenSSL Toolkit 3.0.8

Source: CCN
Type: Packet Storm Security [02-07-2023]
OpenSSL Security Advisory 20230207

Source: CCN
Type: IBM Security Bulletin 6955873 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6958701 (Sterling Connect:Express for UNIX)
IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6959033 (Business Automation Workflow traditional)
Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Source: CCN
Type: IBM Security Bulletin 6960563 (MQ for HPE NonStop)
IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6960753 (Aspera faspio Gateway)
IBM Aspera faspio Gateway 1.3.2 has addressed multiple openssl vulnerabilities (CVE-2023-0401, CVE-2022-4203, CVE-2022-4304, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2023-0217, CVE-2023-0286)

Source: CCN
Type: IBM Security Bulletin 6962773 (QRadar WinCollect Agent)
IBM QRadar WinCollect agent has multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6963622 (Watson Explorer)
IBM Watson Explorer affected by vulnerability in OpenSSL.

Source: CCN
Type: IBM Security Bulletin 6963634 (App Connect Enterprise)
Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 6963786 (Spectrum Protect Client)
Vulnerabilites in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Source: CCN
Type: IBM Security Bulletin 6964854 (AIX)
Multiple vulnerabilities in OpenSSL affect AIX

Source: CCN
Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6967701 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple OpenSSL vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6980501 (Aspera Faspex)
IBM Aspera Faspex 5.0.5 has addressed CVE-2022-4304

Source: CCN
Type: IBM Security Bulletin 6983274 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6983555 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6984425 (Virtualization Engine TS7700 3957-VEC)
Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2023-0215, CVE-2023-0286) and information disclosure (CVE-2022-4304)

Source: CCN
Type: IBM Security Bulletin 6984435 (App Connect Enterprise)
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service and remote attack due to OpenSSL and cURL libcurl. (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 & CVE-2022-42915).

Source: CCN
Type: IBM Security Bulletin 6984697 (MobileFirst Foundation)
OpenSSL publicly disclosed vulnerability affects IBM? MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6985599 (Safer Payments)
Multiple publicly disclosed OpenSSL vulnerabilities affect IBM Safer Payments

Source: CCN
Type: IBM Security Bulletin 6986249 (Decision Optimization for Cloud Pak for Data)
Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-21835, CVE-2023-21830, CVE-2023-21843 and CVE-2022-4304)

Source: CCN
Type: IBM Security Bulletin 6986323 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol

Source: CCN
Type: IBM Security Bulletin 6986567 (MQ Appliance)
IBM MQ Appliance affected by multiple OpenSSL vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6987065 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service and loss of confidentiality due to [CVE-2022-4304], [CVE-2023-0215], [CVE-2023-0286]

Source: CCN
Type: IBM Security Bulletin 6987461 (DataPower Gateway)
IBM DataPower Gateway affected by multiple CVEs in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6987551 (API Connect)
IBM API Connect is vulnerable to OpenSSL vulnerabilities (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Source: CCN
Type: IBM Security Bulletin 6988351 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6989163 (i)
OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6989193 (CICS TX Advanced)
CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1

Source: CCN
Type: IBM Security Bulletin 6998707 (Power HMC)
Vulnerability in OpenSSL (CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286 ) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6998727 (Cloud Pak for Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business

Source: CCN
Type: IBM Security Bulletin 6998753 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: OpenSSL Security Advisory [7th February 2023]
Timing Oracle in RSA Decryption (CVE-2022-4304)

Source: openssl-security@openssl.org
Type: Vendor Advisory
openssl-security@openssl.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:3.0.0:*:*:*:*:*:*:*

AND

cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_connect:express:1.5.0:*:*:*:unix:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_client:8.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_client:8.1.7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.1.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.2.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.3.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.3.1.03:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.4.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.4.2.02:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.5.0.00:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8154	P	Security update for openssl-1_0_0 (Moderate) (in QA)	2023-06-20
oval:org.opensuse.security:def:8112	P	Security update for openssl-1_1 (Important) (in QA)	2023-06-20
oval:org.opensuse.security:def:7631	P	libopenssl-3-devel-3.0.8-150500.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8084	P	libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7630	P	libopenssl-1_1-devel-1.1.1l-150500.15.4 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20231405	P	RHSA-2023:1405: openssl security update (Important)	2023-03-22
oval:com.redhat.rhsa:def:20230946	P	RHSA-2023:0946: openssl security and bug fix update (Important)	2023-03-21
oval:org.opensuse.security:def:51998	P	Security update for openssl-1_1 (Important)	2023-02-07