Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM567345576590494CB813B386383CCFD2CCE4CD51C93AD9D6FD80D7D632CC8257
HistoryJun 18, 2018 - 1:41 a.m.

Security Bulletin: IBM PurePower Integrated Manager has released instructions in response to the vulnerabilities known as Spectre and Meltdown

2018-06-1801:41:50
www.ibm.com
34

0.976 High

EPSS

Percentile

100.0%

JSON

Summary

IBM has released the following instructions for IBM PurePower Integrated Manager in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. RHEL Server is shipped as a component of PPIM. Information about a security vulnerability affecting RHEL Server has been published in a Red Hat errata.

Vulnerability Details

CVEID: CVE-2017-5753

CVEID: CVE-2017-5715

CVEID: CVE-2017-5754

Affected Products and Versions

Affected Product Name

|

Affected Versions

—|—
PurePower Integrated Manager Appliance | 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4
PurePower Integrated Manager Service Appliance | 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4
PurePower Integrated Manager Power VC Appliance| 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4
PurePower Integrated Manager KVM Host | 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
PurePower Integrated Manager Appliance | 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4| Consult the link <https://access.redhat.com/security/vulnerabilities/speculativeexecution&gt; for vulnerability details and information about fixes
PurePower Integrated Manager Service Appliance | 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4| Consult the link <https://access.redhat.com/security/vulnerabilities/speculativeexecution&gt; for vulnerability details and information about fixes
PurePower Integrated Manager Power VC Appliance| 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4| Consult the link <https://access.redhat.com/security/vulnerabilities/speculativeexecution&gt; for vulnerability details and information about fixes
PurePower Integrated Manager KVM Host | 1.1.0, 1.1.0.1, 1.1.0.2, 1.2.0, 1.2.0.1, 1.2.0.2, 1.2.0.3, 1.2.0.4| Consult the link <https://access.redhat.com/security/vulnerabilities/speculativeexecution&gt; for vulnerability details and information about fixes

Power Firmware Security fixes:

Consult the link <http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811&gt; for vulnerability details and information about fixes.

HMC Security fixes:

Consult the link <http://www-01.ibm.com/support/docview.wss?uid=nas8N1022442&gt; for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html&gt;) to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

29 May 2018 : Original version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES ““AS IS”” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

[{“Product”:{“code”:“HWQQQ”,“label”:“PRODUCT NOT FOUND”},“Business Unit”:{“code”:“BU055”,“label”:“Cognitive Applications”},“Component”:“–”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“Version Independent”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}}]

Related

virtuozzo 4
openvas 26
vmware 2
lenovo 2
ibm 26
f5 1
symantec 3
qualysblog 6
suse 5
nessus 61
ubuntu 6
threatpost 3
huawei 2
arista 1
redhat 22
nvidia 7
malwarebytes 2
cloudfoundry 1
paloalto 1
kitploit 1
centos 3
cisco 1
redhatcve 1
mageia 1
seebug 1
oraclelinux 2
googleprojectzero 1
thn 2
cert 1
xen 1
talosblog 1
veeam 1
securelist 1
virtuozzo
virtuozzo
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 3.10.0-693.11.6.vz7.40.4, Virtuozzo 7.0 Update 6 Hotfix 3 (7.0.6-710)
2018-01-08 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)
2018-01-06 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-01-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1637)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2018-0080)
2022-01-28 00:00:00
Microsoft Windows Speculative Execution Side-Channel Vulnerabilities (KB4073291)
2018-01-22 00:00:00
vmware
vmware
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
lenovo
lenovo
Reading Privileged Memory with a Side Channel - Lenovo Support US
2018-10-24 12:22:52
Reading Privileged Memory with a Side Channel - US
2018-10-24 12:22:52
ibm
ibm
Security Bulletin: IBM Resilient recommends the underlying operating system on Resilient servers be upgraded in response to the vulnerabilities known as Spectre and Meltdown (CVE-2017-5753,CVE-2017-5715 CVE,CVE-2017-5754)
2021-04-19 18:24:27
Security Bulletin: IBM QRadar SIEM has released 7.3.1 Patch 4, and 7.2.8 Patch 13 in response to the vulnerabilities known as Spectre and Meltdown.
2018-08-15 16:21:39
Security Bulletin: IBM Security Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.
2018-06-16 22:06:16
f5
f5
Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
2018-01-04 04:46:00
symantec
symantec
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03 00:00:00
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03 00:00:00
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
2018-01-08 08:00:00
qualysblog
qualysblog
Meltdown/Spectre and Qualys Cloud Platform
2018-01-09 02:36:19
Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack
2018-03-02 14:48:53
Processor Vulnerabilities – Meltdown and Spectre
2018-01-04 02:17:43
suse
suse
Security update for the Linux Kernel (important)
2018-01-11 18:10:26
Security update for the Linux Kernel (important)
2018-01-16 21:08:19
Security update for the Linux Kernel (important)
2018-01-22 15:08:49
nessus
nessus
Ubuntu 17.10 : linux vulnerabilities (USN-3541-1) (Meltdown) (Spectre)
2018-01-23 00:00:00
AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)
2018-01-25 00:00:00
AIX 7.1 TL 5 : spectre_meltdown (IJ03033) (Meltdown) (Spectre)
2018-01-25 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-01-23 00:00:00
Linux kernel (HWE) vulnerabilities
2018-03-15 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-01-23 00:00:00
threatpost
threatpost
Experts Weigh In On Spectre Patch Challenges
2018-01-07 23:21:34
Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
2018-01-04 13:01:52
Google Releases Spectre PoC Exploit For Chrome
2021-03-16 14:01:06
huawei
huawei
Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'
2018-01-06 00:00:00
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
arista
arista
Security Advisory 0031
2018-01-03 00:00:00
redhat
redhat
(RHSA-2018:0182) Important: kernel security and bug fix update
2018-01-25 11:23:54
(RHSA-2018:0496) Important: kernel security and bug fix update
2018-03-13 14:14:17
(RHSA-2018:0018) Important: kernel security update
2018-01-04 12:42:07
nvidia
nvidia
Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-09 00:00:00
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-04 00:00:00
Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-05 00:00:00
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
Meltdown and Spectre: what you need to know
2018-01-04 15:53:24
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
kitploit
kitploit
Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux
2018-01-08 12:43:00
centos
centos
kernel, perf, python security update
2018-01-04 19:46:26
kernel, perf, python security update
2018-01-04 11:36:27
kernel, perf, python security update
2018-03-14 14:47:28
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
redhatcve
redhatcve
CVE-2017-5715
2021-07-20 18:54:09
mageia
mageia
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
seebug
seebug
Reading privileged memory with a side-channel (Meltdown & Spectre)
2018-01-04 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-01-19 00:00:00
kernel security update
2018-01-04 00:00:00
googleprojectzero
googleprojectzero
Reading privileged memory with a side-channel
2018-01-03 00:00:00
thn
thn
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
2018-01-03 19:34:00
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks
2018-01-04 21:18:00
cert
cert
CPU hardware vulnerable to side-channel attacks
2018-01-04 00:00:00
xen
xen
Information leak via side effects of speculative execution
2018-01-03 22:29:00
talosblog
talosblog
Meltdown and Spectre
2018-01-08 09:16:00
veeam
veeam
Meltdown and Spectre vulnerabilities
2018-01-09 00:00:00
securelist
securelist
IT threat evolution Q1 2018
2018-05-14 10:00:08

0.976 High

EPSS

Percentile

100.0%

JSON
Related for 567345576590494CB813B386383CCFD2CCE4CD51C93AD9D6FD80D7D632CC8257
virtuozzo4openvas26vmware2lenovo2ibm26f51symantec3qualysblog6suse5nessus61ubuntu6threatpost3huawei2arista1redhat22nvidia7malwarebytes2cloudfoundry1paloalto1kitploit1centos3cisco1redhatcve1mageia1seebug1oraclelinux2googleprojectzero1thn2cert1xen1talosblog1veeam1securelist1