History: May 02, 2022 - 2:58 p.m.

Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144)

2022-05-02 14:58:19
www.ibm.com
CVSS3: 6.7 Medium

| Metric | Value |
| --- | --- |
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High

| Metric | Value |
| --- | --- |
| Access Vector | LOCAL |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low (Percentile: 12.6%)

Summary

A vulnerability found in Intel Xeon affects IBM Cloud Pak System. IBM Cloud Pak System addressed this vulnerability.

Vulnerability Details

**CVEID:** CVE-2021-0144
**DESCRIPTION:** Intel Xeon and Intel Core products could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure default variable initialization in the BSSA DFT feature. An authenticated attacker could exploit this vulnerability to gain higher privileges.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205386 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version |
| --- | --- |
| IBM Cloud Pak System | V2.3, V2.3.1.1, V2.3.2.0, v2.3.3.1, V2.3.3.2, V2.3.3.3, V2.3.3.3 ifix1 |

| Affected Node/System | Component |
| --- | --- |
| Compute node X240 M5 | UEFI |
| Compute Node X3350 M5 | UEFI |
| SN550 | UEFI |
| SR630 | UEFI |

Remediation/Fixes

For an unsupported release, version, or platform, the recommendation is to upgrade to a supported fixed release of the product.

| System(s) | Firmware update Version |
| --- | --- |
| Compute node X240-M5 | UEFI 3.30 |
| Compute Node X3350-M5 | UEFI 3.30 |
| SN550 | UEFI IVE174F |
| SR630 | UEFI IVE174F |

For Cloud Pak System V2.3.0.1, V.2.3.1.1, v.2.3.2.0, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 Interim Fix 1, upgrade to IBM Cloud Pak System v2.3.3.4 at Fix Central.

Information on upgrading: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>

Workarounds and Mitigations

None

Affected configurations

| Node | Match | Version |
| --- | --- | --- |
| ibm cloud_pak_system | Match | 2.3 |

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm cloud pak system | eq | 2.3 |
