7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
85.5%
NSS is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
CVEID: CVE-2017-7805**
DESCRIPTION:** Potential use-after-free in TLS 1.2 server when verifying client authentication
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Power HMC V8.8.4.0
Power HMC V8.8.5.0
Power HMC V8.8.6.0
Power HMC V8.8.7.0
The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>
Product
|
VRMF
|
APAR
|
Remediation/Fix
—|—|—|—
Power HMC
|
V8.8.4.0 SP3
|
MB04104
|
Power HMC
|
V8.8.5.0 SP3
|
MB04105
|
Power HMC
|
V8.8.6.0 SP2
|
MB04118
|
Power HMC
|
V8.8.7.1 ppc
|
MB04114
|
Power HMC
|
V8.8.7.1 x86
|
MB04113
|
None
CPE | Name | Operator | Version |
---|---|---|---|
power system hardware management console physical appliance | eq | any |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
85.5%