Vulnerability Description
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Power 5 System Firmware | <= sf240_418 |
| Ibm | Power 5 | 9110-51a |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.ascVendor Advisory
- http://www.kb.cert.org/vuls/id/194604US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79736
- http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.ascVendor Advisory
- http://www.kb.cert.org/vuls/id/194604US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79736
FAQ
What is CVE-2012-4856?
CVE-2012-4856 is a vulnerability with a CVSS score of 7.9 (HIGH). The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecif...
How severe is CVE-2012-4856?
CVE-2012-4856 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4856?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Power 5 System Firmware, Ibm Power 5.