Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM44581CEFAAC57F6BA083046E8D17AC3B05F7A3FDCFB70055DF3548236FC99CA6
HistorySep 23, 2021 - 1:31 a.m.

Security Bulletin: Vulnerabilities in Open SSL affect Power Hardware Management Console (CVE-2014-8176,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-3216)

2021-09-2301:31:39
www.ibm.com
21
open ssl
power hardware management console
hmc
cve-2014-8176
cve-2015-1788
cve-2015-1789
cve-2015-1790
remote attacker
denial of service
double-free error

EPSS

0.628

Percentile

97.9%

JSON

Summary

Open SSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs

Vulnerability Details

CVEID: CVE-2014-8176**
DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVEID: CVE-2015-1788**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-1789**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-1790**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-1791**
DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-1792**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-3216**
DESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Power HMC V7.3.0.0
Power HMC V7.8.0.0
Power HMC V7.9.0.0
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V7.7.3.0 SP7

|

MB03935

|

Apply eFix MH01547

Power HMC

|

V7.7.8.0 SP2

|

MB03936

|

Apply eFix MH01548

Power HMC

|

V7.7.9.0 SP2

|

MB03937

|

Apply eFix MH01549

Power HMC

|

V8.8.1.0 SP2

|

MB03938

|

Apply eFix MH01550

Power HMC

|

V8.8.2.0 SP2

|

MB03873

|

Apply Service Pack 2 MH01488

Power HMC

|

V8.8.3.0

|

MB03939

|

Apply eFix MH01551

Workarounds and Mitigations

None

Related

ibm 56
redhat 2
nessus 40
centos 2
securityvulns 2
openvas 45
ubuntu 1
cisco 1
veracode 3
freebsd_advisory 1
freebsd 1
suse 13
oraclelinux 2
amazon 1
arista 1
paloalto 2
gentoo 1
fortinet 1
aix 1
debian 2
osv 2
slackware 1
mageia 1
archlinux 1
symantec 1
altlinux 5
fedora 4
debiancve 1
openssl 1
ubuntucve 1
f5 2
prion 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection
2018-06-16 21:25:43
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web
2018-06-16 21:26:04
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System
2022-02-23 19:48:26
redhat
redhat
(RHSA-2015:1115) Moderate: openssl security update
2015-06-15 00:00:00
(RHSA-2015:1197) Moderate: openssl security update
2015-06-30 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)
2015-06-16 00:00:00
CentOS 6 / 7 : openssl (CESA-2015:1115)
2015-06-16 00:00:00
RHEL 6 / 7 : openssl (RHSA-2015:1115)
2015-06-16 00:00:00
centos
centos
openssl security update
2015-06-15 20:01:35
openssl security update
2015-07-02 12:10:41
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2015-06-13 00:00:00
[USN-2639-1] OpenSSL vulnerabilities
2015-06-13 00:00:00
openvas
openvas
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
2016-05-10 00:00:00
CentOS Update for openssl CESA-2015:1115 centos6
2015-06-16 00:00:00
CentOS Update for openssl CESA-2015:1115 centos7
2015-06-16 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-06-11 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
2015-06-12 16:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:39:36
Denial Of Service (DoS) Through Memory Consumption And Application Crash
2017-02-06 05:19:25
Denial Of Service (DoS) Through Memory Consumption And Application Crash
2019-01-15 09:06:14
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:10.openssl
2015-06-12 00:00:00
freebsd
freebsd
openssl -- multiple vulnerabilities
2015-06-11 00:00:00
suse
suse
Security update for openssl (important)
2015-06-25 18:05:48
Security update for compat-openssl098 (important)
2015-06-26 13:05:09
Security update for OpenSSL (important)
2015-07-03 16:06:39
oraclelinux
oraclelinux
openssl security update
2015-06-15 00:00:00
openssl security update
2015-12-14 00:00:00
amazon
amazon
Medium: openssl
2015-06-16 11:29:00
arista
arista
Security Advisory 0011
2015-06-17 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
OpenSSL Vulnerabilities
2016-08-15 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2015-06-22 00:00:00
fortinet
fortinet
OpenSSL vulnerabilities - June 2015
2015-06-11 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-07-15 00:20:05
debian
debian
[SECURITY] [DSA 3287-1] openssl security update
2015-06-13 14:32:55
[SECURITY] [DLA 247-1] openssl security update
2015-06-17 21:46:50
osv
osv
openssl - security update
2015-06-13 00:00:00
openssl - security update
2015-06-17 00:00:00
slackware
slackware
[slackware-security] openssl
2015-06-11 23:01:09
mageia
mageia
Updated openssl package fixes security vulnerabilities
2015-06-19 16:33:05
archlinux
archlinux
openssl: multiple issues
2015-06-12 00:00:00
symantec
symantec
SA98 : OpenSSL Security Advisory 11-June-2015
2015-06-17 08:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2.M70P.1
2015-06-26 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt3
2015-06-15 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt3
2015-06-15 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22
2015-06-21 00:19:25
[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22
2015-07-13 19:18:15
[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21
2015-06-24 15:57:49
debiancve
debiancve
CVE-2014-8176
2015-06-12 19:59:00
openssl
openssl
Vulnerability in OpenSSL - Invalid free in DTLS
2015-06-11 00:00:00
ubuntucve
ubuntucve
CVE-2014-8176
2015-06-11 00:00:00
f5
f5
K16920 : OpenSSL vulnerability CVE-2014-8176
2015-07-07 00:00:00
SOL16920 - OpenSSL vulnerability CVE-2014-8176
2015-07-07 00:00:00
prion
prion
Memory corruption
2015-06-12 19:59:00

EPSS

0.628

Percentile

97.9%

JSON
Related for 44581CEFAAC57F6BA083046E8D17AC3B05F7A3FDCFB70055DF3548236FC99CA6
ibm56redhat2nessus40centos2securityvulns2openvas45ubuntu1cisco1veracode3freebsd_advisory1freebsd1suse13oraclelinux2amazon1arista1paloalto2gentoo1fortinet1aix1debian2osv2slackware1mageia1archlinux1symantec1altlinux5fedora4debiancve1openssl1ubuntucve1f52prion1