Improper Restrictions When Rendering iFrames in PowerHA Web Interface

FI-2025-001 - Improper Restrictions When Rendering iFrames in PowerHA Web Interface

Severity

Medium

Published Date

07-Jan-2025

Updated Date

07-Jan-2025

Vulnerabilities

CVE-2024-55896

Notes

Description

IBM PowerHA contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.

Vulnerabilities

Improper Restrictions When Rendering iFrames in PowerHA Web Interface

Severity

Medium

CVE

CVE-2024-55896

CWE

CWE-451:User Interface (UI) Misrepresentation of Critical Information

Discovery Date

17-Nov-2023

CSSv3.1

5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products

PowerHA 7.5
PowerHA 7.4

Vulnerability Notes

Remediation: Vendor Fix

The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.5 and 7.4 will be fixed.

The IBM i PTF numbers for 5770-HAS contain the fix for the vulnerabilities.

References

CVE-2024-55896 (https://www.cve.org/CVERecord?id=CVE-2024-55896)

References

Security Bulletin: IBM PowerHA SystemMirror for IBM i is vulnerable to multiple vulnerabilities in the PowerHA Web Interface [CVE-2024-55897, CVE-2024-55896]

Improper Restrictions When Rendering iFrames in PowerHA Web Interface

FI-2025-001 - Improper Restrictions When Rendering iFrames in PowerHA Web Interface

Notes

Vulnerabilities

Vulnerability Notes

References

References

Privacy Policy

Cookie Policy

Accessibility

Impressum