PT-2019-17049 · Ibm · Ibm I
Published
2019-06-14
·
Updated
2023-03-02
·
CVE-2019-4381
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM i version 7.27.3
Description
The issue allows a local attacker to obtain sensitive information by exploiting the use of advanced node failure detection using the REST API to interface with the HMC. This could potentially allow an attacker to obtain HMC credentials.
Recommendations
For IBM i version 7.27.3, consider restricting access to the REST API until a patch is available. As a temporary workaround, limit the use of advanced node failure detection to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm I