Security Bulletin: Vulnerability in libexpat (CVE-2022-43680) affects Power HMC

Summary libexpat is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a use-after free created by overeager destruction of a shared DTD in...

Security Bulletin: Vulnerability in Firefox (CVE-2022-43926) affects Power HMC

Summary Mozilla Firefox ESR is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-43926 DESCRIPTION: IBM Hardware Management Console - Power could allow a user with physical access to the system to elevate their privileges to...

Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC

Summary Kernel is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation...

Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-33193 and CVE-2021-44224 by upgrading IBM Power Hardware...

Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2021-41041) affects Power HMC

Summary IBM Java is used by IBM Power Hardware Management Console HMC for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-41041 by upgrading IBM Power Hardware Management Console HMC respective PTF and thus addressing the...

Security Bulletin: Vulnerability in Apache HTTP (CVE-2022-22720) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-22720 by upgrading IBM Power Hardware Management Console H...

Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects Power HMC

Summary OpenSSL is used by IBM Power Hardware Management Console HMC for cryptography toolkit implementing the Secure Sockets Layer SSL and Transport Layer Security TLS network protocols and related cryptography standards required by them. This bulletin provides a remediation for the impacted...

Security Bulletin: Vulnerability in libssh affects Power Hardware Management Console (CVE-2020-1730).

Summary libssh is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1730 DESCRIPTION: libssh is vulnerable to a denial of service, caused by the use of uninitialized AES-CTR ciphers. A remote attacker could exploit this...

Security Bulletin: Vulnerability in IBM Java affects Power Hardware Management Console (CVE-2020-2773).

Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a...

Security Bulletin: Vulnerability in IBM Java affects Power Hardware Management Console (CVE-2020-27221).

Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8...

CVE-2021-29707

IBM HMC Hardware Management Console V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879...

Code injection

IBM HMC Hardware Management Console V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879...

CVE-2021-29707

IBM HMC Hardware Management Console V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879...