CVE-2024-53979
CVSS 3.1 Score 8.2 of 10 (high)
Details
Summary
CVE-2024-53979 is a vulnerability affecting the "ibm.ibm_zhmc" Ansible collection for the IBM Z HMC. This collection inadvertently logs and returns password-like properties in clear text under certain conditions. Specifically, the "boot_ftp_password," "ssc_master_pw," "zaware_master_pw," and "password" properties are at risk when using specific Ansible modules like "zhmc_partition," "zhmc_lpar," "zhmc_user," and "zhmc_ldap_server_definition." The issue is resolved in version 1.9.3, and users are advised to upgrade to mitigate this vulnerability. No known workarounds exist.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.