Sep 22, 2021 - 11:38 p.m.

Security Bulletin: Vulnerability in OpenSLP affects Power Hardware Management Console (CVE-2019-5544)

2021-09-22 23:38:15
www.ibm.com
EPSS: 0.033 (Low), Percentile: 91.3%

Summary

The openslp packages provide the Service Location Protocol (SLP), an Internet Engineering Task Force (IETF) standards-track protocol that gives networking applications a framework for discovering the existence, location, and configuration of networked services in enterprise networks. OpenSLP is affected by CVE-2019-5544.

Vulnerability Details

CVEID: CVE-2019-5544
**DESCRIPTION:** OpenSLP, as used in VMware ESXi and the Horizon DaaS appliances, is vulnerable to a heap-based buffer overflow caused by improper bounds checking in slpd_process.c. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial-of-service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172708 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
Power HMC | V8.8.7.0.0
Power HMC | V9.1.910.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>

Product | VRMF | APAR | Remediation/Fix
---|---|---|---
Power HMC | V8.8.7.0 SP3 ppc | MB04236 | MH01848
Power HMC | V8.8.7.0 SP3 x86 | MB04235 | MH01847
Power HMC | V9.1.940.0 ppc | MB04231 | MH01843
Power HMC | V9.1.940.0 x86 | MB04230 | MH01842

Workarounds and Mitigations

None

CPE

Name | Operator | Version
---|---|---
hardware management console v9 | eq | any