Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM16D3A615FE4F0DE2B2888F9DDFD360888D581F752D485F410B6F620F759D6010
HistorySep 22, 2021 - 11:05 p.m.

Security Bulletin: Vulnerabilities in Glibc affect Power Hardware Management Console ( CVE-2017-15670, CVE-2017-12132, CVE-2015-5180, CVE-2014-9402)

2021-09-2223:05:38
www.ibm.com
23

0.107 Low

EPSS

Percentile

95.1%

JSON

Summary

Glibc is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs

Vulnerability Details

Relevant CVE Information:

CVEID: CVE-2017-15670 DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133915&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-12132 DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129949&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-5180 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130620&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2014-9402 DESCRIPTION: glibc is vulnerable to a denial of service, caused by an error in the getanswer_r() function. If the DNS backend is activated, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99289&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Power HMC V8.8.6.0
Power HMC V8.8.7.0
Power HMC V9.1.910.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V8.8.6.0 SP3

|

MB04172

|

MH01784

Power HMC

|

V8.8.7.0 SP2 ppc

|

MB04174

|

MH01786

Power HMC

|

V8.8.7.0 Sp2 x86

|

MB04173

|

MH01785

Power HMC

|

V9.1.920.1 ppc

| MB04176 | MH01788
Power HMC | V9.1.920.1 x86 | MB04175 | MH01787

Workarounds and Mitigations

None

CPENameOperatorVersion
hardware management console v9eqany

Related

nessus 57
amazon 2
redhat 2
centos 2
ibm 27
oraclelinux 4
openvas 36
nvd 4
prion 4
ubuntucve 4
veracode 3
cvelist 4
mageia 4
cve 4
f5 5
fedora 5
debiancve 4
symantec 1
redhatcve 2
osv 4
debian 2
archlinux 3
altlinux 2
photon 3
gentoo 1
ubuntu 3
suse 5
securityvulns 1
cloudfoundry 1
nessus
nessus
Scientific Linux Security Update : glibc on SL7.x x86_64 (20180410)
2018-05-01 00:00:00
RHEL 7 : glibc (RHSA-2018:0805)
2018-04-11 00:00:00
Oracle Linux 7 : glibc (ELSA-2018-0805)
2018-04-18 00:00:00
amazon
amazon
Important: glibc
2018-05-10 17:45:00
Medium: glibc
2018-07-24 16:02:00
redhat
redhat
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update
2018-04-10 05:01:26
(RHSA-2018:1879) Moderate: glibc security and bug fix update
2018-06-19 02:11:42
centos
centos
glibc, nscd security update
2018-04-26 17:41:43
glibc, nscd security update
2018-06-21 11:55:22
ibm
ibm
Security Bulletin: Vulnerabilities in glibc affect PowerKVM
2018-09-26 17:55:02
Security Bulletin: IBM QRadar Network Security is affected by GNU C library (glibc) vulnerabilities
2018-07-25 14:25:32
Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities
2019-01-04 11:45:01
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2018-04-16 00:00:00
glibc security update
2018-04-18 00:00:00
glibc security update
2018-06-28 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2883-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2185-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2017-0470)
2022-01-28 00:00:00
nvd
nvd
CVE-2017-12132
2017-08-01 16:29:00
CVE-2015-5180
2017-06-27 20:29:00
CVE-2014-9402
2015-02-24 15:59:02
prion
prion
Design/Logic Flaw
2017-08-01 16:29:00
Design/Logic Flaw
2015-02-24 15:59:00
Heap overflow
2017-10-20 17:29:00
ubuntucve
ubuntucve
CVE-2017-12132
2017-08-01 00:00:00
CVE-2014-9402
2015-02-24 00:00:00
CVE-2017-15670
2017-10-20 00:00:00
veracode
veracode
DNS Spoofing
2019-05-16 02:50:40
Arbitrary Code Execution
2019-01-15 09:23:51
Denial Of Service (DoS)
2019-05-16 02:50:40
cvelist
cvelist
CVE-2017-12132
2017-08-01 16:00:00
CVE-2015-5180
2017-06-27 20:00:00
CVE-2014-9402
2015-02-24 15:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2017-12-22 13:31:08
Updated glibc packages fix security vulnerabilities
2017-12-28 16:16:56
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
cve
cve
CVE-2014-9402
2015-02-24 15:59:02
CVE-2015-5180
2017-06-27 20:29:00
CVE-2017-12132
2017-08-01 16:29:00
f5
f5
SOL16365 - GNU C Library (glibc) vulnerability CVE-2014-9402
2015-04-03 00:00:00
K87355575 : glibc vulnerability CVE-2017-12132
2018-05-29 00:00:00
K16365 : glibc vulnerability CVE-2014-9402
2015-07-23 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: glibc-2.25-8.fc26
2017-08-20 18:36:31
[SECURITY] Fedora 26 Update: glibc-2.25-12.fc26
2017-10-25 23:16:57
[SECURITY] Fedora 27 Update: glibc-2.26-15.fc27
2017-10-24 20:09:17
debiancve
debiancve
CVE-2017-12132
2017-08-01 16:29:00
CVE-2014-9402
2015-02-24 15:59:02
CVE-2017-15670
2017-10-20 17:29:00
symantec
symantec
GNU glibc CVE-2015-5180 Remote Denial of Service Vulnerability
2017-06-27 00:00:00
redhatcve
redhatcve
CVE-2017-12132
2017-08-02 11:19:22
CVE-2017-15670
2017-10-20 17:19:16
osv
osv
CVE-2017-12132
2017-08-01 16:29:00
CVE-2017-15670
2017-10-20 17:29:00
glibc vulnerabilities
2022-12-08 13:17:39
debian
debian
[SECURITY] [DLA 122-1] eglibc security update
2014-12-22 23:19:26
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
archlinux
archlinux
glibc: arbitrary code execution
2014-12-18 00:00:00
[ASA-201801-9] glibc: multiple issues
2018-01-10 00:00:00
[ASA-201801-8] lib32-glibc: multiple issues
2018-01-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt8.M70P.2
2017-10-27 00:00:00
Security fix for the ALT Linux 9 package glibc version 6:2.25-alt3
2017-10-26 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0088
2017-11-30 00:00:00
Important Photon OS Security Update - PHSA-2019-0208
2019-02-11 00:00:00
Critical Photon OS Security Update - PHSA-2017-0082
2017-11-08 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2017-06-20 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2015-02-26 00:00:00
GNU C Library vulnerabilities
2022-12-08 00:00:00
GNU C Library vulnerabilities
2018-01-17 00:00:00
suse
suse
Security update for glibc (important)
2018-02-28 21:07:38
Security update for glibc (important)
2018-02-15 18:10:28
Security update for glibc (important)
2018-02-20 18:13:58
securityvulns
securityvulns
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
cloudfoundry
cloudfoundry
USN-3534-1: GNU C Library vulnerabilities | Cloud Foundry
2018-02-01 00:00:00

0.107 Low

EPSS

Percentile

95.1%

JSON
Related for 16D3A615FE4F0DE2B2888F9DDFD360888D581F752D485F410B6F620F759D6010
nessus57amazon2redhat2centos2ibm27oraclelinux4openvas36nvd4prion4ubuntucve4veracode3cvelist4mageia4cve4f55fedora5debiancve4symantec1redhatcve2osv4debian2archlinux3altlinux2photon3gentoo1ubuntu3suse5securityvulns1cloudfoundry1