7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
PowerKVM is affected by vulnerabilities in magios. IBM has now addressed these vulnerabilities.
CVEID: CVE-2017-14312**
DESCRIPTION:** Nagios Core could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the nagios.cfg. By leveraging access to this non-root account, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131940 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2013-7205**
DESCRIPTION:** Nagios is vulnerable to a denial of service, caused by an off-by-one error in the process_cgivars() function. By sending a specially-crafted key value, an attacker could exploit this vulnerability to trigger an out-of-bounds read error.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89945 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2013-7108**
DESCRIPTION:** Icinga is vulnerable to an off-by-one buffer overflow, caused by improper validation of user supplied input by process_cgivars() method. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89801 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:P)
CVEID: CVE-2013-4214**
DESCRIPTION:** Nagios could allow a local attacker to launch a symlink attack. The html/rss-newsfeed.php script creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86320 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVEID: CVE-2008-4796**
DESCRIPTION:** Snoopy could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Snoopy.class.php script. An attacker could exploit this vulnerability using a specially-crafted request to execute arbitrary commands with privileges of the application.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/46068 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
PowerKVM v3.1
Customers can update PowerKVM systems by using “yum update”.
Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 11.
none
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C