Severity
Medium
Analysis Summary
CVE-2025-0986 CVSS:4.5
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.
CVE-2024-25051 CVSS:6.6
IBM Jazz Reporting Service could allow a remote authenticated attacker to impersonate another user on the system, caused by the failure to invalidate session after logout.
CVE-2024-51477 CVSS:4.3
IBM InfoSphere Information Server could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
CVE-2024-43186 CVSS:5.3
IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVE-2024-7577 CVSS:4.4
IBM InfoSphere Information Server could disclose sensitive user credentials from log files during new installation of the product.
Impact
- Data Manipulation
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-0986
CVE-2024-25051
CVE-2024-51477
CVE-2024-43186
CVE-2024-7577
Affected Vendors
- IBM
Affected Products
- IBM PowerVM Hypervisor - FW1050.00
- IBM PowerVM Hypervisor - FW1050.30
- IBM PowerVM Hypervisor - FW1060.00
- IBM PowerVM Hypervisor - FW1060.20
- IBM Jazz Reporting Service - 7.0.2
- IBM Jazz Reporting Service - 7.0.3
- IBM InfoSphere Information Server - 11.7
Remediation
Upgrade to the latest version, available from the IBM Website.