There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 that is used by Power Hardware Management Console. These issues were disclosed as part of the IBM Java SDK updates in January 2015.
CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Power HMC V7.7.3.0
Power HMC V7.7.7.0
Power HMC V7.7.8.0
Power HMC V7.7.9.0
Power HMC V8.8.1.0
Power HMC V8.8.2.0
Fixes are available for the the HMC versions mentioned below:
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Power HMC | V7.7.3.0 SP7 | MB03888 | Apply eFix MH01500 |
Power HMC | V7.7.7.0 SP4 | MB03889 | Apply eFix MH01501 |
Power HMC | V7.7.8.0 SP2 | MB03899 | Apply eFix MH01511 |
Power HMC | V7.7.9.0 SP1 | MB03900 | Apply eFix MH01512 |
Power HMC | V8.8.1.0 SP1 | MB03886 | Apply eFix MH01498 |
Power HMC | V8.8.2.0 SP1 | MB03837 | Apply eFix MH01499 |
Note:
1. After applying the PTF, you should restart the HMC.
2. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called “PERCS” and “IH”. End Of Service date for managing all other server models was 2013.05.31.
None
CPE | Name | Operator | Version |
---|---|---|---|
power system hardware management console physical appliance | eq | any |