Vulnerabilites related to ibm - power_hardware_management_console
CVE-2017-1134 (GCVE-0-2017-1134)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 13:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Tivoli System Automation for Multiplatforms |
Version: 3.1 Version: 3.2 Version: 3.2.1 Version: 3.2.2 Version: 2.2 Version: 2.3 Version: 4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"name": "1038389",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli System Automation for Multiplatforms",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "4.1"
}
]
}
],
"datePublic": "2017-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"name": "1038389",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli System Automation for Multiplatforms",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
},
{
"version_value": "3.2.1"
},
{
"version_value": "3.2.2"
},
{
"version_value": "2.2"
},
{
"version_value": "2.3"
},
{
"version_value": "4.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96764"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998459",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"name": "1038389",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1134",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0883 (GCVE-0-2014-0883)
Vulnerability from cvelistv5
Published
2018-04-20 21:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Power HMC",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u0026nbsp; IBM X-Force ID:\u0026nbsp; 91163."
}
],
"value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u00a0 IBM X-Force ID:\u00a0 91163."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T01:18:33.347Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Power Hardware Management Console cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0883",
"datePublished": "2018-04-20T21:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56477 (GCVE-0-2024-56477)
Vulnerability from cvelistv5
Published
2025-02-14 14:49
Modified
2025-02-14 14:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Power Hardware Management Console |
Version: 10.3.1050.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T14:56:34.649052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T14:56:48.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Power Hardware Management Console",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.3.1050.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T14:49:45.839Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183224"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Power Hardware Management Console directory traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-56477",
"datePublished": "2025-02-14T14:49:45.839Z",
"dateReserved": "2024-12-26T12:51:40.265Z",
"dateUpdated": "2025-02-14T14:56:48.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3296 (GCVE-0-2012-3296)
Vulnerability from cvelistv5
Published
2012-08-17 20:00
Modified
2024-08-06 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
},
{
"name": "50376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50376"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
},
{
"name": "hmc-login-panel-xss(77288)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
},
{
"name": "MB03489",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
},
{
"name": "MB03488",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
},
{
"name": "MB03494",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
},
{
"name": "1027433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
},
{
"name": "50376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50376"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
},
{
"name": "hmc-login-panel-xss(77288)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
},
{
"name": "MB03489",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
},
{
"name": "MB03488",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
},
{
"name": "MB03494",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
},
{
"name": "1027433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
},
{
"name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
},
{
"name": "50376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50376"
},
{
"name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
},
{
"name": "hmc-login-panel-xss(77288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
},
{
"name": "MB03489",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
},
{
"name": "MB03488",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
},
{
"name": "MB03494",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
},
{
"name": "1027433",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-3296",
"datePublished": "2012-08-17T20:00:00",
"dateReserved": "2012-06-07T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5011 (GCVE-0-2016-5011)
Vulnerability from cvelistv5
Published
2017-04-11 15:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
},
{
"name": "91683",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91683"
},
{
"name": "1036272",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036272"
},
{
"name": "[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
},
{
"name": "RHSA-2016:2605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
},
{
"name": "91683",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91683"
},
{
"name": "1036272",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036272"
},
{
"name": "[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
},
{
"name": "RHSA-2016:2605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5011",
"datePublished": "2017-04-11T15:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-02-14 15:15
Modified
2025-08-18 18:15
Severity ?
Summary
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7183224 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | power_hardware_management_console | 10.3.1060.0 | |
| ibm | power_hardware_management_console | 10.3.1060.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:10.3.1060.0:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "FED1555E-BE7E-4165-8563-524D8475384B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:10.3.1060.0:sp1:*:*:*:*:x86:*",
"matchCriteriaId": "BEADAEBF-739D-40BC-9CF8-EC3C4C5065C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
},
{
"lang": "es",
"value": "IBM Power Hardware Management Console V10.3.1050.0 podr\u00eda permitir que un usuario autenticado recorra directorios en el sistema. Un atacante podr\u00eda enviar una solicitud de URL especialmente manipulada que contenga secuencias de \"punto punto\" (/../) para ver archivos arbitrarios en el sistema."
}
],
"id": "CVE-2024-56477",
"lastModified": "2025-08-18T18:15:31.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-02-14T15:15:11.887",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183224"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-17 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | power_hardware_management_console | 7r7.1.0 | |
| ibm | power_hardware_management_console | 7r7.1.0 | |
| ibm | power_hardware_management_console | 7r7.1.0 | |
| ibm | power_hardware_management_console | 7r7.1.0 | |
| ibm | power_hardware_management_console | 7r7.1.0 | |
| ibm | power_hardware_management_console | 7r7.2.0 | |
| ibm | power_hardware_management_console | 7r7.2.0 | |
| ibm | power_hardware_management_console | 7r7.2.0 | |
| ibm | power_hardware_management_console | 7r7.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8713B22-6C55-4037-8DA2-F8AEB1DFFE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:sp0:*:*:*:*:*:*",
"matchCriteriaId": "47F82428-7E6D-4E70-9851-207B88F80042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "70E8F1BE-5D38-4BA8-9674-A06531B57052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "1804A74D-3DE2-4312-9109-709AB00F88EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2759BD94-D49B-488F-ADCA-72168F740507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EB61-22AB-4539-85D4-FCEDD1DF8359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.2.0:sp0:*:*:*:*:*:*",
"matchCriteriaId": "C4543110-B8D3-4401-9EDF-164AE6ED00AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3AF038F5-DE6E-49DF-9D4D-6FBA7E53B460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BABBB52-A944-4B6F-8454-C87F2FEB122A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el enlace de Ayuda en el panel de inicio de sesi\u00f3n en IBM Power Hardware Management Console (HMC) v7R7.1.0 antes SP4, v7R7.2.0 antes de SP2 y 7R7.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-3296",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-17T20:55:04.557",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/50376"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id?1027433"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-11 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kernel | util-linux | * | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.3 | |
| redhat | enterprise_linux_eus | 7.4 | |
| redhat | enterprise_linux_eus | 7.5 | |
| redhat | enterprise_linux_eus | 7.6 | |
| redhat | enterprise_linux_eus | 7.7 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.3 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_aus | 7.7 | |
| redhat | enterprise_linux_server_tus | 7.3 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.7 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| ibm | powerkvm | 2.1 | |
| ibm | powerkvm | 3.1 | |
| ibm | power_hardware_management_console | 8.8.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69E702F1-02DE-44A7-8B50-0030B65F59C9",
"versionEndIncluding": "2.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161594FF-0DF8-43C8-B532-EBB20228023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0744845-0230-47E7-866A-0880832B31C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:8.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B85F9429-97F4-45E2-A672-B429F2497B2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset."
},
{
"lang": "es",
"value": "La funci\u00f3n parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes f\u00edsicamente pr\u00f3ximos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una tabla de particiones MSDOS manipulada con un registro de arranque de partici\u00f3n extendida en desplazamiento cero."
}
],
"id": "CVE-2016-5011",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-11T15:59:00.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91683"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036272"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 21:29
Modified
2024-11-21 02:02
Severity ?
Summary
IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | power_hardware_management_console | 7r7.1.0 | |
| ibm | power_hardware_management_console | 7r7.2.0 | |
| ibm | power_hardware_management_console | 7r7.3.0 | |
| ibm | power_hardware_management_console | 7r7.3.5 | |
| ibm | power_hardware_management_console | 7r7.4.0 | |
| ibm | power_hardware_management_console | 7r7.5.0 | |
| ibm | power_hardware_management_console | 7r7.6.0 | |
| ibm | power_hardware_management_console | 7r7.7.0 | |
| ibm | power_hardware_management_console | 7r7.7.0 | |
| ibm | power_hardware_management_console | 7r7.7.0 | |
| ibm | power_hardware_management_console | 7r7.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8713B22-6C55-4037-8DA2-F8AEB1DFFE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EB61-22AB-4539-85D4-FCEDD1DF8359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BABBB52-A944-4B6F-8454-C87F2FEB122A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF8E1AC-5818-4B38-B5CA-C4DED4971651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF51303-BBC1-4F08-9679-B921DD1BE1AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D81C766-D383-41FD-AF67-68CC347C988B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C1B1E5-7443-48EB-805C-C857CE7E7488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E755A0F-E499-4AD0-81B3-CD51F84F677A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C6D26DF4-BFBF-423F-B475-A3305CE3C7B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4D2E5AC-81C7-4510-9A2A-01F90CC58AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:7r7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92B51D48-A9F6-4FBF-9E71-9FCC94B0BE45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u00a0 IBM X-Force ID:\u00a0 91163."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 hasta 7R7.3.5, 7R7.7.0 hasta SP3 y 7R7.8.0 anterior al SP1 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el nombre de usuario en la pantalla de inicio de sesi\u00f3n. IBM X-Force ID: 91163."
}
],
"id": "CVE-2014-0883",
"lastModified": "2024-11-21T02:02:58.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "psirt@us.ibm.com",
"type": "Secondary",
"userInteractionRequired": true
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T21:29:00.220",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
},
{
"source": "psirt@us.ibm.com",
"url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21998459 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/96764 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1038389 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21998459 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96764 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038389 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | power_hardware_management_console | 3.3.2 | |
| ibm | power_hardware_management_console | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "233C9E2E-6821-40A3-9313-712E2D38B1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D3F193-3D5F-4A15-8CD0-39BD8714010A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
},
{
"lang": "es",
"value": "IBM Reliable Scalable Cluster Technology podr\u00eda permitir a un usuario local escalar sus privilegios para obtener acceso de root. Referencia IBM: 1998459."
}
],
"id": "CVE-2017-1134",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-20T16:59:01.890",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96764"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1038389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038389"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}