Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC
Summary The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...
Security Bulletin: This Power System update is being released to address CVE-2025-0395
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...
Security Bulletin: IBM TRIRIGA Application Platform may be affected by known vulnerabilities in db2jcc4.jar (CVE-2007-2582)
Summary IBM TRIRIGA Application may be vulnerable to multiple buffer overflows in DB2 Vulnerability Details CVEID:CVE-2007-2582 DESCRIPTION: Multiple buffer overflows in the DB2 JDBC Applet Server DB2JDS service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a...
Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-52318) affects Power HMC.
Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-52318 DESCRIPTION: Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31,...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...
Security Bulletin: This Power System update is being released to address CVE-2024-45656
Summary IBM Flexible Service Processor FSP has static credentials which may allow network users to gain service privileges to the FSP. Vulnerability Details CVEID:CVE-2024-45656 DESCRIPTION: IBM Flexible Service Processor FSP has static credentials which may allow network users to gain service...
Security Bulletin: Vulnerability in MIT Kerberos krb5 (CVE-2024-37371) affects Power HMC.
Summary The MIT Kerberos krb5 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-37371 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by invalid memory reads during GSS message...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38474) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38475) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs ...
Security Bulletin: Vulnerability in nghttp2 (CVE-2024-28182) affects Power HMC.
Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...
Security Bulletin: Vulnerability in libndp (CVE-2024-5564) affects Power HMC.
Summary The libndp library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-5564 DESCRIPTION: libndp is vulnerable to a buffer overflow, caused by improper bounds checking by NetworkManager. By sending a specially crafted...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-39573) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in mod_rewrite. By sending a...
Security Bulletin: Vulnerability in MIT Kerberos krb5 (CVE-2024-37370) affects Power HMC.
Summary The MIT Kerberos krb5 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access...
Security Bulletin: Vulnerability in httpd (CVE-2024-27316) affects Power HMC
Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that...
Security Bulletin: Vulnerability in XStream library affects App Connect Professional
Summary There is a vulnerability in the XStream library used by App Connect Professional. App Connect Professional has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in...
Security Bulletin: Vulnerabilities in libssh (CVE-2023-6004, CVE-2023-6918) affect Power HMC.
Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the...
Security Bulletin: Vulnerability in openssh (CVE-2020-15778) affects Power HMC.
Summary The openssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-38709) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38709 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the...
IBM DB2 DoS (7175943) (Unix)
According to its self-reported version number, IBM Db2 on Unix is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details CVEID: NA Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...