Vulnerabilities > CVE-2012-4856 - Credentials Management vulnerability in IBM Power 5 and Power 5 System Firmware
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc
- http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc
- http://www.kb.cert.org/vuls/id/194604
- http://www.kb.cert.org/vuls/id/194604
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79736