Medium Severity

Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-34798 and CVE-2021-39275) affect Power HMC


IBM Power Hardware Management Console (HMC) uses the Apache HTTP web server to accept HTTPS requests and pass them to and from internal applications. This bulletin provides remediation for CVE-2021-34798 and CVE-2021-39275: upgrading the HMC to the respective PTF addresses the exposure to these vulnerabilities.

CVE(s): CVE-2021-34798, CVE-2021-39275

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| HMC V10.1.1010.0 | V10.1.1010.0 and later |
| HMC V9.2.950.0 | V9.2.950.0 and later |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6590853
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209518
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209529
