History: Feb 28, 2020 - 9:24 p.m.

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482)

2020-02-28 21:24:11
www.ibm.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482)

Vulnerability Details

CVEID: CVE-2019-5482
**DESCRIPTION:** cURL libcurl is vulnerable to a heap-based buffer overflow caused by improper bounds checking in the tftp_receive_packet function. By sending a specially crafted request containing an OACK without the BLKSIZE option, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166942 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Integrated Management Module II (IMM2) for System x and Flex | 1AOO |
| IBM Integrated Management Module II (IMM2) for BladeCenter | 1AOO |

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>

| Affected Product(s) | Version(s) |
|---|---|
| IBM Integrated Management Module II (IMM2) for System x and Flex (ibm_fw_imm2_1aoo92ab-7.60_anyos_noarch) | 1AOO92A-7.60 |
| IBM Integrated Management Module II (IMM2) for BladeCenter (ibm_fw_imm2_1aoo92a-7.60-bc_anyos_noarch) | 1AOO92A-7.60-bc |

Workarounds and Mitigations

None
