Lucene search

IbmCVELIST:CVE-2021-38937

HistoryDec 10, 2021 - 5:50 p.m.

CVE-2021-38937

2021-12-1017:50:13

ibm

www.cve.org

cve-2021-38937

ibm powervm

system crash

authenticated user

specially crafted

ibmi hypervisor call

ibm x-force id 210894

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.

CNA Affected

[
  {
    "product": "PowerVM Hypervisor",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "FW940"
      },
      {
        "status": "affected",
        "version": "FW950"
      },
      {
        "status": "affected",
        "version": "FW1010"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/210894

www.ibm.com/support/pages/node/6525014

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Related for CVELIST:CVE-2021-38937