Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for power_hardware_management_console by ibm

    CVE-2024-56477 (GCVE-0-2024-56477)

    Vulnerability from nvd – Published: 2025-02-14 14:49 – Updated: 2025-02-14 14:56
    VLAI
    Title
    IBM Power Hardware Management Console directory traversal
    Summary
    IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-14T14:56:34.649052Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-14T14:56:48.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Power Hardware Management Console",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.3.1050.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-14T14:49:45.839Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183224"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Power Hardware Management Console directory traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-56477",
        "datePublished": "2025-02-14T14:49:45.839Z",
        "dateReserved": "2024-12-26T12:51:40.265Z",
        "dateUpdated": "2025-02-14T14:56:48.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0883 (GCVE-0-2014-0883)

    Vulnerability from nvd – Published: 2018-04-20 21:00 – Updated: 2024-08-06 09:27
    VLAI
    Title
    IBM Power Hardware Management Console cross-site scripting
    Summary
    IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  91163.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Power HMC Affected: 7.1.0 , ≤ 7.8.0 (semver)
    Affected: 7.3.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:20.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Power HMC",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.8.0",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u0026nbsp; IBM X-Force ID:\u0026nbsp; 91163."
                }
              ],
              "value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u00a0 IBM X-Force ID:\u00a0 91163."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T01:18:33.347Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Power Hardware Management Console cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2014-0883",
        "datePublished": "2018-04-20T21:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:27:20.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5011 (GCVE-0-2016-5011)

    Vulnerability from nvd – Published: 2017-04-11 15:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
              },
              {
                "name": "91683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91683"
              },
              {
                "name": "1036272",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036272"
              },
              {
                "name": "[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
              },
              {
                "name": "RHSA-2016:2605",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-11T15:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
            },
            {
              "name": "91683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91683"
            },
            {
              "name": "1036272",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036272"
            },
            {
              "name": "[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
            },
            {
              "name": "RHSA-2016:2605",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-5011",
        "datePublished": "2017-04-11T15:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1134 (GCVE-0-2017-1134)

    Vulnerability from nvd – Published: 2017-03-20 16:00 – Updated: 2024-08-05 13:25
    VLAI
    Summary
    IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.
    Severity
    No CVSS data available.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli System Automation for Multiplatforms Affected: 3.1
    Affected: 3.2
    Affected: 3.2.1
    Affected: 3.2.2
    Affected: 2.2
    Affected: 2.3
    Affected: 4.1
    Create a notification for this product.
    Date Public
    2017-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96764",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96764"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
              },
              {
                "name": "1038389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038389"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli System Automation for Multiplatforms",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                },
                {
                  "status": "affected",
                  "version": "2.3"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "96764",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96764"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
            },
            {
              "name": "1038389",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038389"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2017-1134",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli System Automation for Multiplatforms",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1"
                              },
                              {
                                "version_value": "3.2"
                              },
                              {
                                "version_value": "3.2.1"
                              },
                              {
                                "version_value": "3.2.2"
                              },
                              {
                                "version_value": "2.2"
                              },
                              {
                                "version_value": "2.3"
                              },
                              {
                                "version_value": "4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96764",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96764"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998459",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
                },
                {
                  "name": "1038389",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038389"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1134",
        "datePublished": "2017-03-20T16:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:25:17.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3296 (GCVE-0-2012-3296)

    Vulnerability from nvd – Published: 2012-08-17 20:00 – Updated: 2024-08-06 19:57
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    Date Public
    2012-08-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:57:50.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
              },
              {
                "name": "50376",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50376"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
              },
              {
                "name": "hmc-login-panel-xss(77288)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
              },
              {
                "name": "MB03489",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
              },
              {
                "name": "MB03488",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
              },
              {
                "name": "MB03494",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
              },
              {
                "name": "1027433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
            },
            {
              "name": "50376",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50376"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
            },
            {
              "name": "hmc-login-panel-xss(77288)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
            },
            {
              "name": "MB03489",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
            },
            {
              "name": "MB03488",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
            },
            {
              "name": "MB03494",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
            },
            {
              "name": "1027433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027433"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2012-3296",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
                },
                {
                  "name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
                },
                {
                  "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
                },
                {
                  "name": "50376",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50376"
                },
                {
                  "name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
                },
                {
                  "name": "hmc-login-panel-xss(77288)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
                },
                {
                  "name": "MB03489",
                  "refsource": "AIXAPAR",
                  "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
                },
                {
                  "name": "MB03488",
                  "refsource": "AIXAPAR",
                  "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
                },
                {
                  "name": "MB03494",
                  "refsource": "AIXAPAR",
                  "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
                },
                {
                  "name": "1027433",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027433"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2012-3296",
        "datePublished": "2012-08-17T20:00:00.000Z",
        "dateReserved": "2012-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:57:50.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-56477 (GCVE-0-2024-56477)

    Vulnerability from cvelistv5 – Published: 2025-02-14 14:49 – Updated: 2025-02-14 14:56
    VLAI
    Title
    IBM Power Hardware Management Console directory traversal
    Summary
    IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-14T14:56:34.649052Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-14T14:56:48.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Power Hardware Management Console",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.3.1050.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-14T14:49:45.839Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183224"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Power Hardware Management Console directory traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-56477",
        "datePublished": "2025-02-14T14:49:45.839Z",
        "dateReserved": "2024-12-26T12:51:40.265Z",
        "dateUpdated": "2025-02-14T14:56:48.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0883 (GCVE-0-2014-0883)

    Vulnerability from cvelistv5 – Published: 2018-04-20 21:00 – Updated: 2024-08-06 09:27
    VLAI
    Title
    IBM Power Hardware Management Console cross-site scripting
    Summary
    IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  91163.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Power HMC Affected: 7.1.0 , ≤ 7.8.0 (semver)
    Affected: 7.3.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:20.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Power HMC",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "7.8.0",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u0026nbsp; IBM X-Force ID:\u0026nbsp; 91163."
                }
              ],
              "value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u00a0 IBM X-Force ID:\u00a0 91163."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T01:18:33.347Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Power Hardware Management Console cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2014-0883",
        "datePublished": "2018-04-20T21:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:27:20.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5011 (GCVE-0-2016-5011)

    Vulnerability from cvelistv5 – Published: 2017-04-11 15:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
              },
              {
                "name": "91683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91683"
              },
              {
                "name": "1036272",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036272"
              },
              {
                "name": "[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
              },
              {
                "name": "RHSA-2016:2605",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-11T15:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3"
            },
            {
              "name": "91683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91683"
            },
            {
              "name": "1036272",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036272"
            },
            {
              "name": "[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/11/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543"
            },
            {
              "name": "RHSA-2016:2605",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2605.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-5011",
        "datePublished": "2017-04-11T15:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1134 (GCVE-0-2017-1134)

    Vulnerability from cvelistv5 – Published: 2017-03-20 16:00 – Updated: 2024-08-05 13:25
    VLAI
    Summary
    IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.
    Severity
    No CVSS data available.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli System Automation for Multiplatforms Affected: 3.1
    Affected: 3.2
    Affected: 3.2.1
    Affected: 3.2.2
    Affected: 2.2
    Affected: 2.3
    Affected: 4.1
    Create a notification for this product.
    Date Public
    2017-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96764",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96764"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
              },
              {
                "name": "1038389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038389"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli System Automation for Multiplatforms",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                },
                {
                  "status": "affected",
                  "version": "2.3"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "96764",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96764"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
            },
            {
              "name": "1038389",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038389"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2017-1134",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli System Automation for Multiplatforms",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1"
                              },
                              {
                                "version_value": "3.2"
                              },
                              {
                                "version_value": "3.2.1"
                              },
                              {
                                "version_value": "3.2.2"
                              },
                              {
                                "version_value": "2.2"
                              },
                              {
                                "version_value": "2.3"
                              },
                              {
                                "version_value": "4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96764",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96764"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998459",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
                },
                {
                  "name": "1038389",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038389"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1134",
        "datePublished": "2017-03-20T16:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:25:17.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3296 (GCVE-0-2012-3296)

    Vulnerability from cvelistv5 – Published: 2012-08-17 20:00 – Updated: 2024-08-06 19:57
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    Date Public
    2012-08-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:57:50.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
              },
              {
                "name": "50376",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50376"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
              },
              {
                "name": "hmc-login-panel-xss(77288)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
              },
              {
                "name": "MB03489",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
              },
              {
                "name": "MB03488",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
              },
              {
                "name": "MB03494",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
              },
              {
                "name": "1027433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
            },
            {
              "name": "50376",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50376"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
            },
            {
              "name": "hmc-login-panel-xss(77288)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
            },
            {
              "name": "MB03489",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
            },
            {
              "name": "MB03488",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
            },
            {
              "name": "MB03494",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
            },
            {
              "name": "1027433",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027433"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2012-3296",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258"
                },
                {
                  "name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257"
                },
                {
                  "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617"
                },
                {
                  "name": "50376",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50376"
                },
                {
                  "name": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253"
                },
                {
                  "name": "hmc-login-panel-xss(77288)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77288"
                },
                {
                  "name": "MB03489",
                  "refsource": "AIXAPAR",
                  "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03489"
                },
                {
                  "name": "MB03488",
                  "refsource": "AIXAPAR",
                  "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03488"
                },
                {
                  "name": "MB03494",
                  "refsource": "AIXAPAR",
                  "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03494"
                },
                {
                  "name": "1027433",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027433"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2012-3296",
        "datePublished": "2012-08-17T20:00:00.000Z",
        "dateReserved": "2012-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:57:50.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }