Automation with Power

Power Business Continuity and Automation

Connect, learn, and share your experiences using the business continuity and automation technologies and practices designed to ensure uninterrupted operations and rapid recovery for workloads running on IBM Power systems. 


#Power
#TechXchangeConferenceLab

 View Only
Back to discussions
Expand all | Collapse all

🔒PTFs for PowerHA 7.4 and 7.5 Security Bulletin - Multiple CVEs in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896] (2024.12.30)

  • 1.  🔒PTFs for PowerHA 7.4 and 7.5 Security Bulletin - Multiple CVEs in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896] (2024.12.30)

    Posted Mon December 30, 2024 04:28 PM

    The IBM PowerHA SystemMirror for IBM i Web Interface in 7.4 and 7.5 is vulnerable to obtaining cookie values (CVE-2024-55897) and hijacking the clicking action of users (CVE-2024-55896) as described in the following security bulletin:  https://www.ibm.com/support/pages/node/7180036

    Remediation/Fixes

    The issues can be fixed by applying a PTF to IBM i.  IBM i releases 7.5 and 7.4 will be fixed.
    The IBM i PTF numbers for 5770-HAS contain the fix for the vulnerabilities.
     



    ------------------------------
    Thanks,
    Brian Nordland
    Director of Development at Fortra
    ------------------------------

    #PowerHAfori


Related Content