Lucene search
China National Vulnerability DatabaseCNVD-2022-03955HistoryJan 13, 2022 - 12:00 a.m.
IBM VIOS operating system command injection vulnerability
2022-01-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
0.0004 Low
EPSS
Percentile
5.1%
IBM Vios is part of IBM USA’s PowerVm Editions hardware feature that helps share physical I/O resources between client logical partitions within a server. IBM VIOS lscore has an operating system command injection vulnerability that stems from an lscore command input validation error, and this vulnerability exists. A local user can pass specially crafted data to the lscore command and use elevated privileges to execute arbitrary code. The vulnerability allows a local user to escalate privileges on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm ibm vios | eq | 3.1.0 | |
| ibm ibm vios | eq | 3.1.1 | |
| ibm ibm vios | eq | 3.1.2 |
Related
nessus
nessus
AIX 7.2 TL 5 : lscore (IJ36815)
2022-01-11 00:00:00
AIX 7.3 TL 0 : lscore (IJ36816)
2022-01-11 00:00:00
AIX 7.2 TL 5 : lscore (IJ36810)
2022-01-11 00:00:00
nvd
nvd
CVE-2021-38991
2022-01-11 17:15:07
aix
aix
prion
prion
Code injection
2022-01-11 17:15:00
cve
cve
CVE-2021-38991
2022-01-11 17:15:07
cvelist
cvelist
CVE-2021-38991
2022-01-10 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in lscore affects AIX (CVE-2021-38991)
2022-01-24 13:38:20