Lucene search
IBM1EE0381C7CB2BD91D5C18FEA5FEDB665F65401EF3D051D5A9BD9A897427E783FHistoryFeb 02, 2022 - 10:13 p.m.
Security Bulletin: This Power System update is being released to address CVE 2021-38960
2022-02-0222:13:31
www.ibm.com
12
power system
cve 2021-38960
openbmc
ibm
firmware update
ac922
hmc
workarounds
EPSS
0.001
Percentile
44.3%
Summary
POWER9: In response to a security issue with BMC’s HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-38960
Vulnerability Details
CVEID:CVE-2021-38960
**DESCRIPTION:**IBM OPENBMC could allow an unauthenticated user to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| OPENBMC | OP920, OP930, OP940 |
| HMC | |
| OP940 |
Remediation/Fixes
Customers with the products below running OP920, OP930 or OP940, install OP940.30:
- IBM Power System AC922 (8335-GTH, 8335-GTX)
Customers with the products below running OP940, install OP940.30:
- IBM Power Hardware Management Console System Firmware (7063-CR2)
Workarounds and Mitigations
None
Related
nvd
nvd
CVE-2021-38960
2022-02-04 23:15:11
cvelist
cvelist
CVE-2021-38960
2022-02-04 22:33:07
cnvd
cnvd
IBM OPENBMC OP910 Information Disclosure Vulnerability
2022-02-10 00:00:00
cve
cve
CVE-2021-38960
2022-02-04 23:15:11
prion
prion
Buffer overflow
2022-02-04 23:15:00
EPSS
0.001
Percentile
44.3%
Related for 1EE0381C7CB2BD91D5C18FEA5FEDB665F65401EF3D051D5A9BD9A897427E783F