libssh2 is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
CVEID: CVE-2019-3862 DESCRIPTION: An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.
CVSS Base Score: 7.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Access Vector (AV): Network
Power HMC V8.7.0.0
Power HMC V9.1.910.0
The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>
Product
|
VRMF
|
APAR
|
Remediation/Fix
—|—|—|—
Power HMC
|
V8.8.7.0 SP3 ppc
|
MB04223
|
Power HMC
|
V8.8.7.0 SP3 x86
|
MB04222
|
Power HMC
|
V9.1.930.0 SP1 ppc
|
MB04220
|
Power HMC
|
V9.1.930.0 SP1 x86
|
MB04219
|
None
CPE | Name | Operator | Version |
---|---|---|---|
hardware management console v9 | eq | any |