KLA10489
Multiple vulnerabilities in IBM PowerVC
Обновлено: 17/06/2019
Дата обнаружения
23/03/2015
Уровень угрозы
Warning
Описание

Multiple vulnerabilities have been found in IBM PowerVC. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper certificate validation can be exploited remotely via a specially designed certificate;
  2. Lack of access token incapsulation can be exploited locally via manipulations with process list.
Пораженные продукты

IBM PowerVC 1.2.0 versions earlier than 1.2.0.4
IBM PowerVC 1.2.1 all versions

Решение

Update to latest version!

Оказываемое влияние
?
OSI 
[?]

SUI 
[?]
Связанные продукты
IBM PowerVC
CVE-IDS
CVE-2015-01362.1Warning
CVE-2015-01374.3Warning