PT-2018-13405 · Ibm · System Management Module

Publicado

2018-11-27

Atualizado

2019-10-03

CVE-2018-16092

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions System Management Module (SMM) versions prior to 1.06

Description The issue concerns the collection of sensitive information by the FFDC feature in the SMM. This feature collects SMM system files, which include SMM user account credentials and the system shadow file, thus potentially exposing sensitive data.

Recommendations For versions prior to 1.06, consider disabling the FFDC feature until a patch is available to prevent the collection of sensitive information.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-16092

Produtos afetados

System Management Module

PT-2018-13405 · Ibm · System Management Module

CVE-2018-16092

Identificadores relacionados

Produtos afetados

Referências · 3