Lucene search

[email protected]CVE-2014-4749

HistoryAug 20, 2014 - 11:17 a.m.

CVE-2014-4749

2014-08-2011:17:14

CWE-264

[email protected]

web.nvd.nist.gov

ibm powervc

security vulnerability

cve-2014-4749

ssh

known_hosts file

man-in-the-middle attack

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.2%

JSON

IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key.

Affected configurations

NVD

Node

ibmpowervcMatch1.2.0.0express

ibmpowervcMatch1.2.0.0standard

ibmpowervcMatch1.2.0.1express

ibmpowervcMatch1.2.0.1standard

ibmpowervcMatch1.2.0.2express

ibmpowervcMatch1.2.0.2standard

CPENameOperatorVersion
ibm:powervcibm powervceq1.2.0.0
ibm:powervcibm powervceq1.2.0.1
ibm:powervcibm powervceq1.2.0.2

CPE	Name	Operator	Version
ibm:powervc	ibm powervc	eq	1.2.0.0
ibm:powervc	ibm powervc	eq	1.2.0.1
ibm:powervc	ibm powervc	eq	1.2.0.2

References

www-01.ibm.com/support/docview.wss?uid=nas8N1020224

exchange.xforce.ibmcloud.com/vulnerabilities/94351

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.2%

JSON

Related for CVE-2014-4749

cvelist1 prion1 nvd1