The less library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
CVEID:CVE-2022-48624
**DESCRIPTION:**less could allow a local attacker to execute arbitrary commands on the system, caused by a flaw with omitting shell_quote calls for LESSCLOSE in the close_altfile() function in filename.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the host operating system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
HMC V10.2.1030.0 | V10.2.1030.0 |
HMC V10.3.1050.0 | V10.3.1050.0 |
The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>
Product
|
VRMF
|
APAR
|
Remediation/Fix
—|—|—|—
Power HMC
|
V10.2.1040.0 SP2 x86
|
MB04458
|
MF71693
Power HMC
|
V10.2.1040.0 SP2 ppc
|
MB04459
|
MF71694
Power HMC
|
V10.3.1060.0 x86
|
MB04462
|
MF71697
Power HMC
|
V10.3.1060.0 ppc
|
MB04463
|
MF71698
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | hardware_management_console | any | cpe:2.3:a:ibm:hardware_management_console:any:*:*:*:*:*:*:* |