API Security Blog

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-23672) affects Power HMC

Summary

Apache Tomcat Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2024-23672
**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an incomplete cleanup flaw. By sending specially crafted WebSocket connections, a remote attacker could exploit this vulnerability to cause increased resource consumption, resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/285496 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
—|—
HMC V10.1.1010.0 | V10.1.1010.0
HMC V10.2.1030.0 | V10.2.1030.0
HMC V10.3.1050.0 | V10.3.1050.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: https://www-933.ibm.com/support/fixcentral/

Product | VRMF | APAR | Remediation/Fix
—|—|—|—
Power HMC | V10.1.1020.0 SP3 x86 | MB04446 | MF71681
Power HMC | V10.1.1020.0 SP3 ppc | MB04447 | MF71682
Power HMC | V10.2.1040.0 SP2 x86 | MB04448 | MF71683
Power HMC | V10.2.1040.0 SP2 ppc | MB04449 | MF71684
Power HMC | V10.3.1050.0 SP1 x86 | MB04450 | MF71685
Power HMC | V10.3.1050.0 SP1 ppc | MB04451 | MF71686

Workarounds and Mitigations…
