NSS is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
CVEID: CVE-2017-7805
DESCRIPTION: Potential use-after-free in TLS 1.2 server when verifying client authentication
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Power HMC V8.8.4.0
Power HMC V8.8.5.0
Power HMC V8.8.6.0
Power HMC V8.8.7.0
The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>
Product | VRMF | APAR | Remediation/Fix
---|---|---|---
Power HMC | V8.8.4.0 SP3 | MB04104 |
Power HMC | V8.8.5.0 SP3 | MB04105 |
Power HMC | V8.8.6.0 SP2 | MB04118 |
Power HMC | V8.8.7.1 ppc | MB04114 |
Power HMC | V8.8.7.1 x86 | MB04113 |
None