CVE-2012-2188
https://notcve.org/view.php?id=CVE-2012-2188
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
• http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825
• http://www.ibm.com/support/docview.wss?uid=isg1MB03548
• http://www.ibm.com/support/docview.wss?uid=isg1MB03550
• http://www.ibm.com/support/docview.wss?uid=isg1MB03554
• http://www.ibm.com/support/docview.wss?uid=isg1MB03580
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75906
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-1806
https://notcve.org/view.php?id=CVE-2009-1806
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information.
• http://www-1.ibm.com/support/docview.wss?uid=isg1MB03011
• http://www-933.ibm.com/support/fixcentral/firmware/readme?fixid=MH01181
• http://www.securityfocus.com/bid/35113
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4671
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50910

CVE-2009-0178
https://notcve.org/view.php?id=CVE-2009-0178
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.
• http://osvdb.org/51432
• http://secunia.com/advisories/33518
• http://www-1.ibm.com/support/docview.wss?uid=isg1MB02834
• http://www.securityfocus.com/bid/33293
• http://www.vupen.com/english/advisories/2009/0158
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48010

CVE-2008-5035
https://notcve.org/view.php?id=CVE-2008-5035
The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length.
• http://secunia.com/advisories/32571
• http://www-1.ibm.com/support/docview.wss?uid=isg1MB02482
• http://www-1.ibm.com/support/docview.wss?uid=isg1MB02485
• http://www.securityfocus.com/bid/32181
• http://www.vupen.com/english/advisories/2008/3051
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4441
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4442
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46413
• https://www14.software.ibm.
• CWE-399: Resource Management Errors

CVE-2008-0495
https://notcve.org/view.php?id=CVE-2008-0495
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
• http://secunia.com/advisories/28667
• http://secunia.com/advisories/29056
• http://www-1.ibm.com/support/docview.wss?uid=isg1MB02236
• http://www.securityfocus.com/bid/27484
• http://www.securitytracker.com/id?1019280
• http://www.vupen.com/english/advisories/2008/0323
• http://www.vupen.com/english/advisories/2008/0638
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40021
• https://www14.software.ibm.com/weba