Lucene search
+L

4 matches found

vulnersosv
vulnersosv
added 2024/12/02 6:35 p.m.8 views

zhmc-prometheus-exporter (=0.6.1), zhmccli (=0.21.2) potentially affected by CVE-2024-53865 via zhmcclient (=0.30.2)

zhmcclient PYPI version =0.30.2 is affected by a known vulnerability. The following packages have a transitive dependency on zhmcclient and may be impacted: - zhmc-prometheus-exporter =0.6.1 - zhmccli =0.21.2 Source cves: CVE-2024-53865 Source advisory: OSV:GHSA-P57H-3CMC-XPJQ...

8.2CVSS5.8AI score0.00135EPSS
Exploits0
nvd
nvd
added 2024/11/29 7:15 p.m.32 views

CVE-2024-53865

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

8.2CVSS0.00135EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/29 6:48 p.m.35 views

CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

8.2CVSS0.00135EPSS
Exploits0References2
cve
cve
added 2024/11/29 6:48 p.m.108 views

CVE-2024-53865

CVE-2024-53865 affects the Python package zhmcclient, a client library for IBM Z HMC Web Services API. The issue is that in affected versions, password-like properties are written in clear text to API and HMC logs in several operations: boot-ftp-password and ssc-master-pw when creating/updating p...

8.2CVSS8.2AI score0.00135EPSS
Exploits0References2
Rows per page
Query Builder