🔒PTFs for PowerHA 7.4 and 7.5 Security Bulletin - Multiple CVEs in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896] (2024.12.30)

View Only

Expand all | Collapse all

🔒PTFs for PowerHA 7.4 and 7.5 Security Bulletin - Multiple CVEs in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896] (2024.12.30)

1. 🔒PTFs for PowerHA 7.4 and 7.5 Security Bulletin - Multiple CVEs in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896] (2024.12.30)

Like

Brian Nordland

IBM Champion

Posted Mon December 30, 2024 04:28 PM

The IBM PowerHA SystemMirror for IBM i Web Interface in 7.4 and 7.5 is vulnerable to obtaining cookie values (CVE-2024-55897) and hijacking the clicking action of users (CVE-2024-55896) as described in the following security bulletin: https://www.ibm.com/support/pages/node/7180036

Remediation/Fixes

The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.5 and 7.4 will be fixed.

The IBM i PTF numbers for 5770-HAS contain the fix for the vulnerabilities.

IBM i Release	5770-HAS PTF Numbers	PTF Download Link
7.5	SJ03222	https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03222
7.4	SJ03274	https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03274

------------------------------
Thanks,
Brian Nordland
Director of Development at Fortra
------------------------------

IBM Power

Connect, learn, share, and engage with IBM Power.

IBM PowerHA for i