5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.063 Low
EPSS
Percentile
92.6%
Java is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVEID: CVE-2015-0480**
DESCRIPTION:** A directory traversal vulnerability in Oracle Java SE related to the Tools component and the extraction of JAR archive files could allow remote attacker to overwrite files on the system with privileges of another user.
CVSS Base Score: 5.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/102334> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVEID: CVE-2015-0486**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/102335> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-0488**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Jrockit related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/102336> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-0478**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/102339> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-0477**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Beans component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/102337> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-1916**
DESCRIPTION:** Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/101995> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Power HMC V7.7.3.0
Power HMC V7.7.8.0
Power HMC V7.7.9.0
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
Product|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
Power HMC|
V7.7.3.0 SP7|
MB03923| Apply eFix MH01535
Power HMC|
V7.7.8.0 SP2|
MB03924|
Apply eFix MH01536
Power HMC|
V7.7.9.0 SP2|
MB03925|
Apply eFix MH01537
Power HMC|
V8.8.1.0 SP2|
MB03920|
Apply eFix MH01532
Power HMC|
V8.8.2.0 SP1|
MB03926|
Apply eFix MH01538
Power HMC|
V8.8.3.0|
MB03927|
Apply eFix MH01539
Note:
1. For unsupported releases IBM recommends upgrading to a fixed, supported release of the product.
2. After applying the PTF, you should restart the HMC.
3. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called “PERCS” and “IH”. End Of Service date for managing all other server models was 2013.05.31.
None
CPE | Name | Operator | Version |
---|---|---|---|
power system hardware management console physical appliance | eq | any |