Improper Restrictions When Rendering iFrames in PowerHA Web Interface

FI-2025-001 - Improper Restrictions When Rendering iFrames in PowerHA Web Interface

Severity: Medium
Published Date: 07-Jan-2025
Updated Date: 07-Jan-2025
Vulnerabilities: CVE-2024-55896
 
Notes
Description

IBM PowerHA contains improper restrictions when rendering content via iFrames.  This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.

 

Vulnerabilities

 
Improper Restrictions When Rendering iFrames in PowerHA Web Interface
Severity: Medium
CVE: CVE-2024-55896
CWE: CWE-451: User Interface (UI) Misrepresentation of Critical Information
Discovery Date: 17-Nov-2023
CVSSv3.1: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products: PowerHA 7.5, PowerHA 7.4
Vulnerability Notes
Remediation: Vendor Fix

The issues can be fixed by applying a PTF to IBM i.  IBM i releases 7.5 and 7.4 will be fixed.
The IBM i PTF numbers for 5770-HAS contain the fix for the vulnerabilities.
 