6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
PowerKVM is affected by vulnerabilities in MIT Kerberos 5 (krb5). IBM has now addressed these vulnerabilities.
CVEID: CVE-2017-11368 DESCRIPTION: MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause memory allocation failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130207 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7562 DESCRIPTION: MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by the improper validation of a forged certificate EKU and SAN. An attacker could exploit vulnerability to gain unauthorized access to the system to impersonate arbitrary principals under rare and erroneous circumstances.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143332 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
PowerKVM 3.1
Customers can update PowerKVM systems by using “yum update”.\
Fix images are made available via Fix Central. See <https://ibm.biz/BdHggw>. This issue is addressed starting with v3.1.0.2 update 14.
none
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P