Man-in-the-Middle Vulnerability in IBM PowerVC Standard
CVE-2015-0137
Currently unrated
Summary
IBM PowerVC Standard versions 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 are affected by a certificate validation vulnerability. The product validates Hardware Management Console (HMC) certificates only during the pre-login stage. Consequently, an attacker can launch a man-in-the-middle attack by using a crafted certificate to spoof devices, potentially leading to unauthorized access or manipulation of the system. Proper certificate validation should be enforced at all times to mitigate this risk.
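The difference between checking the certificate only at pre-login and checking it at every stage can be shown with a simplified model. This is an added example, not IBM's code: the `ConsoleClient` class, the stage names after "pre-login", and the certificate byte strings are assumptions, and SHA-256 fingerprint pinning stands in for full chain validation.

```python
import hashlib
import hmac

STAGES = ("pre-login", "login", "post-login")  # names after pre-login are assumed

class CertificateRejected(Exception):
    """Raised when the presented certificate does not match the trusted one."""

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class ConsoleClient:
    """Hypothetical management client that reconnects to a console at each stage."""

    def __init__(self, trusted_fp: str, check_every_stage: bool):
        self.trusted_fp = trusted_fp
        self.check_every_stage = check_every_stage

    def connect(self, stage: str, presented_der: bytes) -> str:
        # Flawed policy: only the pre-login connection is checked.
        # Corrected policy: every connection is checked.
        if self.check_every_stage or stage == "pre-login":
            if not hmac.compare_digest(fingerprint(presented_der), self.trusted_fp):
                raise CertificateRejected(f"{stage}: certificate mismatch")
        return f"{stage}: accepted"

def run_session(client, certs_by_stage):
    """Walk the stages in order and return the outcome of each connection."""
    outcomes = []
    for stage in STAGES:
        try:
            outcomes.append(client.connect(stage, certs_by_stage[stage]))
        except CertificateRejected as exc:
            outcomes.append(f"rejected ({exc})")
            break  # stop here so nothing is sent over an unverified channel
    return outcomes

# Constructed stand-ins for DER-encoded certificates.
GENUINE = b"constructed-genuine-console-cert"
SPOOFED = b"constructed-substituted-cert"
# Constructed test case: a different certificate shows up after pre-login.
INTERCEPTED = {"pre-login": GENUINE, "login": SPOOFED, "post-login": SPOOFED}

if __name__ == "__main__":
    for every in (False, True):
        client = ConsoleClient(fingerprint(GENUINE), check_every_stage=every)
        print("check_every_stage =", every, "->", run_session(client, INTERCEPTED))
```

With the pre-login-only policy the substituted certificate is accepted at the later stages; with per-connection checks the session stops at the first mismatch.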
Timeline
Vulnerability published
Vulnerability reserved