Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM24FD649B8646C4A9F7D11E66634C11A449A186526F1439E3A9D22D2AD284DF12
HistoryDec 07, 2021 - 7:14 p.m.

Security Bulletin: This Power System update is being released to address CVE-2018-12384

2021-12-0719:14:45
www.ibm.com
13

0.043 Low

EPSS

Percentile

92.3%

JSON

Summary

POWER9: In response to a data leak vulnerability in the network security services, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-12384.
This man-in-the-middle attack could provide false completion or errant network transactions or exposure of sensitive data from intercepted SSL connections to ASMI, Redfish, or the service processor message server.

Vulnerability Details

CVEID: CVE-2018-12384
DESCRIPTION: Network Security Services (NSS) could allow a remote attacker to obtain sensitive information, caused by the improper handling of an SSLv2-compatible ClientHello message. By conducting a passive replay attack, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150436&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

The firmware update can be obtained from FixCentral by specifying the Product and fix level as specified in this Remediation section.

Affected Products and Versions

Firmware releases FW910 and FW920 are affected.

Firmware releases FW810, FW820, FW830, FW840, FW860 are affected.

Remediation/Fixes

Customers with the products below, install FW910.30

  1. IBM Power Systems S922 (9009-22A)

  2. IBM Power Systems H922 (9223-22H)

  3. IBM Power Systems S914 (9009-41A)

  4. IBM Power Systems S924 (9009-42A)

  5. IBM Power Systems H924 (9223-42H)

  6. IBM Power Systems L922 (9008-22L)

Customers with the products below, install FW920.30

  1. IBM Power Systems E950(9040-MR9)

  2. IBM Power Systems E980(9080-M9S)

Customers with the products below, install FW860.70

  1. IBM Power System S812(8284-21A)

  2. IBM Power System S822(8284-22A)

  3. IBM Power System S814(8286-41A)

  4. IBM Power System S824(8286-42A)

  5. IBM Power System S812L(8247-21L)

  6. IBM Power System S822L(8247-22L)

  7. IBM Power System S824L(8247-42L)

  8. IBM Power System E850(8408-E8E)

  9. IBM Power System E850C(8408-44E)

  10. IBM Power System E870(9119-MME)

  11. IBM Power System E870C(9080-MME)

  12. IBM Power System E880(9119-MHE)

  13. IBM Power System E880C(9080-MHE)

  14. IBM Power System S812L(5148-21L)

  15. IBM Power System S822L(5148-22L)

Related

prion 1
openvas 21
nessus 29
ubuntucve 1
fedora 12
mageia 1
alpinelinux 1
oraclelinux 2
osv 1
nvd 1
redhat 3
amazon 2
ibm 9
redhatcve 1
f5 1
cve 1
debiancve 1
veracode 1
cvelist 1
centos 2
suse 2
ubuntu 2
photon 2
oracle 2
prion
prion
Design/Logic Flaw
2019-04-29 15:29:00
openvas
openvas
Fedora Update for nss-softokn FEDORA-2018-4a21a8ca59
2018-09-19 00:00:00
Fedora Update for nss-util FEDORA-2018-1a7a5c54c2
2018-09-15 00:00:00
CentOS Update for nss CESA-2018:2898 centos6
2018-10-10 00:00:00
nessus
nessus
Fedora 28 : nspr / nss / nss-softokn / nss-util (2018-1a7a5c54c2)
2019-01-03 00:00:00
NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0131)
2019-08-12 00:00:00
EulerOS 2.0 SP2 : nss (EulerOS-SA-2018-1358)
2018-11-06 00:00:00
ubuntucve
ubuntucve
CVE-2018-12384
2018-09-04 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: nss-softokn-3.39.0-1.0.fc27
2018-09-18 07:52:53
[SECURITY] Fedora 29 Update: nss-util-3.39.0-2.fc29
2018-09-21 05:42:27
[SECURITY] Fedora 27 Update: nss-3.39.0-1.0.fc27
2018-09-18 07:52:53
mageia
mageia
Updated firefox packages fix security vulnerability
2018-10-01 11:44:39
alpinelinux
alpinelinux
CVE-2018-12384
2019-04-29 15:29:00
oraclelinux
oraclelinux
nss security update
2018-10-09 00:00:00
nss security update
2018-09-25 00:00:00
osv
osv
CVE-2018-12384
2019-04-29 15:29:00
nvd
nvd
CVE-2018-12384
2019-04-29 15:29:00
redhat
redhat
(RHSA-2018:2768) Moderate: nss security update
2018-09-25 17:31:15
(RHSA-2018:2898) Moderate: nss security update
2018-10-09 14:49:24
(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
2018-11-06 15:39:03
amazon
amazon
Medium: nss
2018-10-23 18:41:00
Medium: nss
2018-10-24 16:35:00
ibm
ibm
Security Bulletin: A vulnerability in NSS affects PowerKVM
2018-12-17 14:25:02
Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384)
2019-02-21 11:30:01
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kiali Istio addon
2019-03-11 15:35:01
redhatcve
redhatcve
CVE-2018-12384
2019-10-09 22:23:49
f5
f5
K41738501 : Mozilla NSS vulnerability CVE-2018-12384
2018-10-26 00:00:00
cve
cve
CVE-2018-12384
2019-04-29 15:29:00
debiancve
debiancve
CVE-2018-12384
2019-04-29 15:29:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:26:13
cvelist
cvelist
CVE-2018-12384
2019-04-29 14:22:53
centos
centos
nss security update
2018-10-09 20:22:27
nss security update
2018-09-28 16:44:15
suse
suse
Security update for mozilla-nss (moderate)
2018-12-13 12:16:00
Security update for mozilla-nspr and mozilla-nss (moderate)
2018-12-28 21:12:25
ubuntu
ubuntu
NSS vulnerabilities
2019-02-18 00:00:00
NSS vulnerabilities
2019-01-09 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0239
2019-06-17 00:00:00
Important Photon OS Security Update - PHSA-2019-0172
2019-08-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00

0.043 Low

EPSS

Percentile

92.3%

JSON
Related for 24FD649B8646C4A9F7D11E66634C11A449A186526F1439E3A9D22D2AD284DF12
prion1openvas21nessus29ubuntucve1fedora12mageia1alpinelinux1oraclelinux2osv1nvd1redhat3amazon2ibm9redhatcve1f51cve1debiancve1veracode1cvelist1centos2suse2ubuntu2photon2oracle2