5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.079 Low
EPSS
Percentile
94.3%
Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)
CVEID: CVE-2016-0797**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn() function. An attacker could exploit this vulnerability using specially crafted data to cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Firmware Versions(840)
840.00: 01SV840_056_056, 01SC840_056_056
840.10: 01SV840_079_056, 01SC840_079_056 ** **
840.11: 01SV840_087_056, 01SC840_087_056
**
Firmware 840 Affected Products:**
IBM Power System S822 (8284-22A)
IBM Power System S814 (8286-41A)
IBM Power System S824 (8286-42A)
IBM Power System S812L (8247-21L)
IBM Power System S822L (8247-22L)
IBM Power System S824L (8247-42L)
IBM Power System E850 (8408-E8E)
IBM Power System E870 (9119-MME)
IBM Power System E880 (9119-MHE)
Customers on Version 840(SV/SC), install 840.20: 01SV840_104_056 or higher, 01SC840_104_056 or higher
The fix can be obtained from FixCentral by specifying the Product as described in the Affected Products and Versions section and fix level as specified in this Remediation/Fixes section.
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.079 Low
EPSS
Percentile
94.3%