IBM HMC Multiple Vulnerabilities

by Carol~ Moderator - 4/4/13 8:40 AM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Release Date : 2013-04-04

Criticality level : Highly critical
Impact : Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where : From remote
Solution Status: Vendor Patch

Operating System : IBM Hardware Management Console (HMC)

Description:
IBM has acknowledged multiple vulnerabilities in IBM Hardware Management Console (HMC), which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise an application using the library.

The vulnerabilities are caused by a bundled vulnerable version of OpenSSL.

The vulnerabilities are reported in versions prior to V7R7.7.0.

Solution:
Upgrade to V7R7.7.0 (MH01343) and apply efixes MH01355 and MH01345.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e

http://secunia.com/advisories/52892/