Security Bulletin: Vulnerability in libxml2 library (CVE-2023-39615) affects Power HMC.

2024-09-10 15:16:43
www.ibm.com
libxml2
power hmc
denial of service
cve-2023-39615
ibm fix central

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 7.1
Confidence: High

Summary

The libxml2 library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2023-39615
DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused by a global buffer overflow in the xmlSAX2StartElement() function at /libxml2/SAX2.c. By supplying a crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| HMC V10.2.1030.0 | V10.2.1030.0 |
| HMC V10.3.1050.0 | V10.3.1050.0 |

Remediation/Fixes

The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/

| Product | VRMF | APAR | Remediation/Fix |
| --- | --- | --- | --- |
| Power HMC | V10.2.1040.0 SP2 x86 | MB04466 | MF71701 |
| Power HMC | V10.2.1040.0 SP2 ppc | MB04467 | MF71702 |
| Power HMC | V10.3.1060.0 x86 | MB04468 | MF71703 |
| Power HMC | V10.3.1060.0 ppc | MB04469 | MF71704 |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm hardware_management_console, Match: any

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | hardware_management_console | any | cpe:2.3:a:ibm:hardware_management_console:any:*:*:*:*:*:*:* |
