IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability
BID:12629
Info
IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability
| Bugtraq ID: | 12629 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 23 2005 12:00AM |
| Updated: | Feb 23 2005 12:00AM |
| Credit: | This issue was reported by the vendor. |
| Vulnerable: |
IBM Hardware Management Console (HMC) for pSeries 4.0 R4.0 IBM Hardware Management Console (HMC) for pSeries 4.0 R3.3 IBM Hardware Management Console (HMC) for pSeries 4.0 R3.2 IBM Hardware Management Console (HMC) for pSeries 4.0 R3.1 IBM Hardware Management Console (HMC) for pSeries 4.0 R2.1 IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0 IBM Hardware Management Console (HMC) for iSeries 4.0 R4.0 IBM Hardware Management Console (HMC) for iSeries 4.0 R3.3 IBM Hardware Management Console (HMC) for iSeries 4.0 R3.2 IBM Hardware Management Console (HMC) for iSeries 4.0 R3.1 IBM Hardware Management Console (HMC) for iSeries 4.0 R2.1 IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0 |
| Not Vulnerable: | |
Discussion
IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability
It is reported that a vulnerability affecting IBM Hardware Management Console (HMC) allows local unauthorized users to launch the Guided Setup Wizard and perform various tasks provided by the application.
IBM Hardware Management Console version 4.0 release 2.0 and above are considered vulnerable to this issue. Other versions may be affected as well.
This BID will be updated when more information becomes available.
It is reported that a vulnerability affecting IBM Hardware Management Console (HMC) allows local unauthorized users to launch the Guided Setup Wizard and perform various tasks provided by the application.
IBM Hardware Management Console version 4.0 release 2.0 and above are considered vulnerable to this issue. Other versions may be affected as well.
This BID will be updated when more information becomes available.
Exploit / POC
IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability
Solution:
IBM has released fixes to address this issue. Please visit the HMC support site in Web references to obtain fixes for affected computers.
Solution:
IBM has released fixes to address this issue. Please visit the HMC support site in Web references to obtain fixes for affected computers.
References
IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability
References:
References: