Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM42CD651F2BD0D51490E0A861647BAC1292A04A5D692CAC396B116B30F334F0DB
HistorySep 23, 2021 - 1:31 a.m.

Security Bulletin: Vulnerability in Perl affects Power Hardware Management Console (‪‪CVE-2016-1238‬)

2021-09-2301:31:39
www.ibm.com
8

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

Summary

Perl is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-1238
DESCRIPTION: Perl could allow a local attacker to gain elevated privileges on the system, caused by an error when loading optional modules. By loading code from the current working directory, an attacker could exploit this vulnerability to cause the target Perl application to load and execute arbitrary code on the target system with elevated privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115425 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Power HMC V7.7.9.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V7.7.9.0 SP3

|

MB04044

|

MH01659

Workarounds and Mitigations

None

Related

nessus 35
redhatcve 1
fedora 6
openvas 38
freebsd 2
alpinelinux 1
debiancve 1
debian 5
ubuntucve 1
cve 1
veracode 1
osv 4
f5 1
prion 1
suse 4
ibm 1
mageia 2
photon 1
gentoo 2
rosalinux 1
nessus
nessus
Fedora 24 : 4:perl (2016-e9e5c081d4)
2016-08-05 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-Sys-Syslog (EulerOS-SA-2020-2039)
2020-09-29 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-Test-Harness (EulerOS-SA-2020-2051)
2020-09-28 00:00:00
redhatcve
redhatcve
CVE-2016-1238
2016-07-26 13:18:19
fedora
fedora
[SECURITY] Fedora 24 Update: perl-Module-Load-Conditional-0.68-1.fc24
2016-08-08 20:34:46
[SECURITY] Fedora 24 Update: perl-5.22.2-362.fc24
2016-08-04 20:55:31
[SECURITY] Fedora 23 Update: perl-Module-Load-Conditional-0.68-1.fc23
2016-08-08 23:59:42
openvas
openvas
Huawei EulerOS: Security Advisory for perl-Test-Harness (EulerOS-SA-2020-2051)
2020-09-29 00:00:00
Huawei EulerOS: Security Advisory for perl-ExtUtils-ParseXS (EulerOS-SA-2020-1994)
2020-09-29 00:00:00
Fedora Update for perl FEDORA-2016-6ec2009080
2016-08-20 00:00:00
freebsd
freebsd
perl -- local arbitrary code execution
2016-07-21 00:00:00
spamassassin -- multiple vulnerabilities
2018-09-16 00:00:00
alpinelinux
alpinelinux
CVE-2016-1238
2016-08-02 14:59:00
debiancve
debiancve
CVE-2016-1238
2016-08-02 14:59:00
debian
debian
[SECURITY] [DLA 584-1] libsys-syslog-perl security update
2016-08-04 14:34:39
[SECURITY] [DSA 3628-1] perl security update
2016-07-25 14:18:38
[SECURITY] [DLA 565-1] perl security update
2016-07-28 16:03:17
ubuntucve
ubuntucve
CVE-2016-1238
2016-07-25 00:00:00
cve
cve
CVE-2016-1238
2016-08-02 14:59:00
veracode
veracode
Arbitrary Code Execution
2020-05-10 23:28:29
osv
osv
libsys-syslog-perl - security update
2016-08-04 00:00:00
perl - security update
2016-07-28 00:00:00
perl - security update
2016-07-25 00:00:00
f5
f5
K39909763 : Perl vulnerability CVE-2016-1238
2017-10-25 00:00:00
prion
prion
Directory traversal
2016-08-02 14:59:00
suse
suse
Security update for amavisd-new (moderate)
2019-03-06 00:00:00
Security update for spamassassin (moderate)
2019-08-06 00:00:00
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2015-8853)
2018-06-18 01:34:01
mageia
mageia
Updated spamassassin packages fix security vulnerabilities
2018-10-30 21:01:43
Updated perl packages fix security vulnerability
2018-01-03 18:50:51
photon
photon
Important Photon OS Security Update - PHSA-2017-0010
2017-02-02 00:00:00
gentoo
gentoo
SpamAssassin: Multiple vulnerabilities
2018-12-15 00:00:00
Perl: Multiple vulnerabilities
2017-01-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON
Related for 42CD651F2BD0D51490E0A861647BAC1292A04A5D692CAC396B116B30F334F0DB
nessus35redhatcve1fedora6openvas38freebsd2alpinelinux1debiancve1debian5ubuntucve1cve1veracode1osv4f51prion1suse4ibm1mageia2photon1gentoo2rosalinux1