History: Feb 05, 2024 - 9:52 p.m.

Security Bulletin: This Power System update is being released to address CVE-2023-46183

2024-02-05 21:52:08
www.ibm.com
Tags: powervm hypervisor, ibm power system, cve-2023-46183, firmware, vulnerability, system administrator, sensitive partition data

CVSS3: 5.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score: 6.4
Confidence: Low

EPSS: 0
Percentile: 9.0%

Summary

A vulnerability was identified where sensitive partition data controlled by PowerVM may be accessible to a system administrator.

Vulnerability Details

**CVEID:** CVE-2023-46183
**DESCRIPTION:** IBM PowerVM Hypervisor could allow a system administrator to obtain sensitive partition information.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/269695 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| PowerVM Hypervisor | FW1030.00 - FW1030.30 |
| PowerVM Hypervisor | FW1020.00 - FW1020.40 |
| PowerVM Hypervisor | FW950.00 - FW950.90 |
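
One way to screen an inventory of firmware levels against the affected ranges above (an added example, not IBM's code). It assumes levels are written as in this bulletin (`FW950.A0`, optionally followed by a build such as `(950_145)`) and that lettered service packs sort after numeric ones, which is inferred from FW950.A0 being the fix for FW950.00 - FW950.90; the host names are constructed.

```python
import re

# Affected ranges copied from the bulletin's table: release -> (first, last) service pack.
AFFECTED = {
    "1030": ("00", "30"),
    "1020": ("00", "40"),
    "950": ("00", "90"),
}

# Accepts "FW1030.20" and "FW950.A0(950_145)"; the build suffix is optional.
LEVEL_RE = re.compile(r"^FW(\d{3,4})\.([0-9A-Z]{2})(?:\s*\(\d+_\d+\))?$")


def parse_level(level):
    """Split a level string into (release, service_pack) or raise ValueError."""
    m = LEVEL_RE.match(level.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware level: {level!r}")
    return m.group(1), m.group(2)


def sp_rank(sp):
    """Rank a service pack as base 36 so that 90 < A0 (assumed ordering)."""
    return int(sp, 36)


def classify(level):
    """Return 'affected', 'outside-range' or 'unlisted-release' for one level."""
    release, sp = parse_level(level)
    bounds = AFFECTED.get(release)
    if bounds is None:
        # The bulletin says nothing about this release; do not report it as safe.
        return "unlisted-release"
    low, high = bounds
    if sp_rank(low) <= sp_rank(sp) <= sp_rank(high):
        return "affected"
    return "outside-range"


def audit(inventory):
    """Map each host in {host: level} to its classification."""
    return {host: classify(level) for host, level in inventory.items()}


# Constructed sample inventory (host names are hypothetical).
SAMPLE = {"pwr9-a": "FW950.90", "pwr9-b": "FW950.A0(950_145)", "pwr10-a": "FW1030.20"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A result of `outside-range` only means the level is not in the listed affected span; confirm it against the fix level given for the specific machine type under Remediation/Fixes.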

Remediation/Fixes

Customers with the products below should install FW950.A0(950_145) or newer to remediate this vulnerability.

Power 9

  1. IBM Power System L922 (9008-22L)

  2. IBM Power System S922 (9009-22A, 9009-22G)

  3. IBM Power System H922 (9223-22H, 9223-22S)

  4. IBM Power System S914 (9009-41A, 9009-41G)

  5. IBM Power System S924 (9009-42A, 9009-42G)

  6. IBM Power System H924 (9223-42H, 9223-42S)

  7. IBM Power System E950 (9040-MR9)

  8. IBM Power System E980 (9080-M9S)

Customers with the products below should install FW1030.40(1030_066), FW1050.00(1050_43) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System E1080 (9080-HEX)

Customers with the products below should install FW1020.50(1020_112), FW1030.40(1030_075), FW1050.00(1050_52) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System S1022 (9105-22A)

  2. IBM Power System S1024 (9105-42A)

  3. IBM Power System S1022s (9105-22B)

  4. IBM Power System S1014 (9105-41B)

  5. IBM Power System L1022 (9786-22H)

  6. IBM Power System L1024 (9786-42H)

  7. IBM Power System E1050 (9043-MRX)

Workarounds and Mitigations

None
