CVSS2: 9 High (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.236 Low
Percentile: 95.9%
Power Hardware Management Console is affected by security vulnerabilities in Kerberos.
CVE-ID: CVE-2014-4341
DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a GSSAPI application session, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94904 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-4342
DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a GSSAPI application session, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94903 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-4343
DESCRIPTION: MIT Kerberos 5 (krb5) is vulnerable to a denial of service, caused by a double-free error in the init_ctx_reselect() function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a GSSAPI initiator to crash.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95211 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-5352
Description: MIT krb5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a double-free error in gss_process_context_token(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.000
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100842 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVE-ID: CVE-2014-9421
Description: MIT krb5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a double-free error in the kadmind daemon. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.000
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100841 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVE-ID: CVE-2014-9422
Description: MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of authentications to two-component server principals. An attacker could exploit this vulnerability to impersonate arbitrary users.
CVSS Base Score: 6.100
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100840 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:C)
CVE-ID: CVE-2014-9423
Description: MIT krb5 could allow a remote attacker to obtain sensitive information, caused by the leak of 4-byte or 8-byte portions of uninitialized memory to the network by the libgssrpc application. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.000
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100839 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Power HMC V8.8.1.0
Power HMC V8.8.2.0
The following fixes are available on IBM Fix Central at http://www-933.ibm.com/support/fixcentral/
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Power HMC | V8.8.1.0 SP1 | MB03894 | Apply eFix MH01506 |
Power HMC | V8.8.2.0 SP1 | MB03895 | Apply eFix MH01507 |
None
CPE | Name | Operator | Version |
---|---|---|---|
 | power system hardware management console physical appliance | eq | any |