IBM Advanced Management Module (AMM) has addressed the following vulnerabilities in cURL.
CVEID: CVE-2018-16842 DESCRIPTION: cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVEID: CVE-2018-16840 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a heap use-after-free flaw in the Curl_close function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152299> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Product
|
Affected Version
—|—
IBM BladeCenter Advanced Management Module (AMM)
| BPET
IBM BladeCenter T Advanced Management Module (AMM)
| BBET
Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>
Product
|
Affected Version
—|—
IBM BladeCenter Advanced Management Module (AMM)
(ibm_fw_amm_bpet68l-3.68l_anyos_noarch) )
| bpet68l-3.68l
IBM BladeCenter T Advanced Management Module (AMM)
(ibm_fw_amm_bbet68l-3.68l_anyos_noarch)
| bbet68l-3.68l
None
CPE | Name | Operator | Version |
---|---|---|---|
system x blades | eq | any |