Lucene search

China National Vulnerability DatabaseCNVD-2024-09177

HistoryFeb 04, 2024 - 12:00 a.m.

IBM PowerSC Encryption Issue Vulnerability

2024-02-0400:00:00

China National Vulnerability Database

www.cnvd.org.cn

ibm

powersc

encryption

vulnerability

weak

algorithm

ibm power systems

servers

security

compliance

attack

decrypt

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

IBM PowerSC is an International Business Machines (IBM) security and compliance solution for IBM Power Systems servers. IBM PowerSC has an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt highly sensitive information.

CPENameOperatorVersion
ibm ibm powersceq1.3
ibm ibm powersceq2.0
ibm ibm powersceq2.1

Name	Operator	Version
ibm ibm powersc	eq	1.3
ibm ibm powersc	eq	2.0
ibm ibm powersc	eq	2.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for CNVD-2024-09177