Lucene search

IBM5625BFF7A571B465AC06CA13E4AB718C8B8D52882972868ED32C95D3970CA087

HistoryDec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in php (CVE-2018-10548 CVE-2018-12882)

2023-12-0722:45:02

www.ibm.com

ibm

flex system

cmm

php

vulnerabilities

fixed

firmware

update

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.921

Percentile

98.9%

JSON

Summary

IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in php.

Vulnerability Details

CVEID: CVE-2018-10548 DESCRIPTION: PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/ldap/ldap.c. By sending specially crafted data, an attacker could exploit this vulnerability to mishandle the ldap_get_dn return value and cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142565> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-12882 DESCRIPTION: PHP is vulnerable to a denial of service, caused by a use-after-free in exif_read_from_impl in ext/exif/exif.c. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145424> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)