KLA10489
Multiple vulnerabilities in IBM PowerVC
Updated: 06/01/2019
Detect date
?
03/23/2015
Severity
?
Warning
Description

Multiple vulnerabilities have been found in IBM PowerVC. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper certificate validation can be exploited remotely via a specially designed certificate;
  2. Lack of access token incapsulation can be exploited locally via manipulations with process list.
Affected products

IBM PowerVC 1.2.0 versions earlier than 1.2.0.4
IBM PowerVC 1.2.1 all versions

Solution

Update to latest version!

Impacts
?
OSI 
[?]

SUI 
[?]
Related products
IBM PowerVC
CVE-IDS
?
CVE-2015-01362.1Warning
CVE-2015-01374.3Warning