IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle malicious users to spoof SSH servers via an arbitrary server key.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm powervc 1.2.0.2 |
||
ibm powervc 1.2.0.0 |
||
ibm powervc 1.2.0.1 |