Multiple Linux Kernel Vulnerabilities Exploit in the Wild
April 8, 2025
Multiple Microsoft Products Vulnerabilities
April 8, 2025
Severity
Medium
Analysis Summary
CVE-2025-0986 CVSS:4.5
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using hardware acceleration.
CVE-2024-25051 CVSS:6.6
IBM Jazz Reporting Service could allow a remote authenticated attacker to impersonate another user on the system, caused by the failure to invalidate the session after logout.
CVE-2024-51477 CVSS:4.3
IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
CVE-2024-43186 CVSS:5.3
IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVE-2024-7577 CVSS:4.4
IBM InfoSphere Information Server could disclose sensitive user credentials from log files during a new installation of the product.
Impact
- Data Manipulation
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-0986
CVE-2024-25051
CVE-2024-51477
CVE-2024-43186
CVE-2024-7577
Affected Vendors
- IBM
Affected Products
- IBM PowerVM Hypervisor - FW1050.00
- IBM PowerVM Hypervisor - FW1050.30
- IBM PowerVM Hypervisor - FW1060.00
- IBM PowerVM Hypervisor - FW1060.20
- IBM Jazz Reporting Service - 7.0.2
- IBM Jazz Reporting Service - 7.0.3
- IBM InfoSphere Information Server - 11.7
Remediation
Upgrade to the latest version, available from the IBM Website.