Man-in-the-Middle Vulnerability in IBM PowerVC by IBM
CVE-2014-4749

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 20 August 2014

Summary

IBM PowerVC versions prior to FixPack 3 fail to properly utilize the known_hosts file, which can lead to man-in-the-middle attacks. This vulnerability allows an attacker to spoof SSH servers by presenting an arbitrary server key, potentially compromising the security of network communications using SSH. It is crucial for users of affected versions to apply the necessary updates to mitigate this risk.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020224

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/94351

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 20, 2014
Vulnerability Reserved
Jul 9, 2014