IBM HMC Multiple Vulnerabilities
Release Date : 2013-04-04
Criticality level : Highly critical
Impact : Security Bypass
Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch
Operating System : IBM Hardware Management Console (HMC)
IBM has acknowledged multiple vulnerabilities in IBM Hardware Management Console (HMC), which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise an application using the library.
The vulnerabilities are caused due to a bundled vulnerable version of OpenSSL.
The vulnerabilities are reported in versions prior to V7R7.7.0.
Upgrade to V7R7.7.0 (MH01343) and apply efixes MH01355 and MH01345