CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
85.1%
IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in freetype2.
CVEID: CVE-2017-8287 DESCRIPTION: Freetype2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the t1_builder_close_contour function in psaux/psobjs.c. An attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125406> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-8105 DESCRIPTION: Freetype 2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the t1_decoder_parse_charstrings function in psaux/t1decode.c. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125262> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-10244 DESCRIPTION: Freetype is vulnerable to a denial of service, caused by heap-based buffer overflow in the parse_charstrings function in type1/t1load.c. By persuading a victim to open a a crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124256> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Product
|
Affected Version
—|—
IBM Flex System Chassis Management Module (CMM)
|
2PET
Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>
Product
|
Fix Version
—|—
IBM Flex System Chassis Management Module (CMM)
(ibm_fw_cmm_2pet16c-2.5.12c_anyos_noarch)
|
2pet16c-2.5.12c
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | flex_system_manager | any | cpe:2.3:a:ibm:flex_system_manager:any:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
85.1%