Kaspersky LabKLA10489KLA10489 Multiple vulnerabilities in IBM PowerVC
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
28.0%
Multiple vulnerabilities have been found in IBM PowerVC. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information.
Below is a complete list of vulnerabilities
- Improper certificate validation can be exploited remotely via a specially designed certificate;
- Lack of access token incapsulation can be exploited locally via manipulations with process list.
Original advisories
Related products
CVE list
CVE-2015-0136 warning
CVE-2015-0137 warning
Solution
Update to latest version!
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- IBM PowerVC 1.2.0 versions earlier than 1.2.0.4IBM PowerVC 1.2.1 all versions
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
28.0%