Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM414522E8176B31ECBCDDFAD1A1155B6077A0E0EDC78C266C005C62645B4EE025
HistoryFeb 02, 2024 - 10:11 p.m.

Security Bulletin: This Power System update is being released to address CVE-2023-33851

2024-02-0222:11:23
www.ibm.com
9
ibm powervm hypervisor
sensitive partition data
system administrator
firmware update
ibm power system
power 9
power 10

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON

Summary

A vulnerability was identifed where sensitive partition data may be accessible to a system administrator.

Vulnerability Details

CVEID:CVE-2023-33851
**DESCRIPTION:**IBM PowerVM Hypervisor could reveal sensitive partition data to a system administrator.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257135 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
PowerVM Hypervisor FW1030.00 - FW1030.30
PowerVM Hypervisor FW1020.00 - FW1020.40
PowerVM Hypervisor FW950.00 - FW950.90

Remediation/Fixes

Customers with the products below should install FW950.A0(950_145) or newer to remediate this vulnerability.

Power 9

  1. IBM Power System L922 (9008-22L)

  2. IBM Power System S922 (9009-22A, 9009-22G)

  3. IBM Power System H922 (9223-22H, 9223-22S)

  4. IBM Power System S914 (9009-41A, 9009-41G)

  5. IBM Power System S924 (9009-42A, 9009-42G)

  6. IBM Power System H924 (9223-42H, 9223-42S)

  7. IBM Power System E950 (9040-MR9)

  8. IBM Power System E980 (9080-M9S)

Customers with the products below should install FW1030.40(1030_066), FW1050.00(1050_43) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System E1080 (9080-HEX)

Customers with the products below should install FW1020.50(1020_112), FW1030.40(1030_075), FW1050.00(1050_52) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System S1022 (9105-22A)

  2. IBM Power System S1024 (9105-42A)

  3. IBM Power System S1022s (9105-22B)

  4. IBM Power System S1014 (9105-41B)

  5. IBM Power System L1022 (9786-22H)

  6. IBM Power System L1024 (9786-42H)

  7. IBM Power System E1050 (9043-MRX)

Workarounds and Mitigations

None

Related

nvd 1
cve 1
cvelist 1
vulnrichment 1
prion 1
nvd
nvd
CVE-2023-33851
2024-02-04 01:15:24
cve
cve
CVE-2023-33851
2024-02-04 01:15:24
cvelist
cvelist
CVE-2023-33851 IBM PowerVM Hypervisor information disclosure
2024-02-04 00:16:46
vulnrichment
vulnrichment
CVE-2023-33851 IBM PowerVM Hypervisor information disclosure
2024-02-04 00:16:46
prion
prion
Design/Logic Flaw
2024-02-04 01:15:00

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON
Related for 414522E8176B31ECBCDDFAD1A1155B6077A0E0EDC78C266C005C62645B4EE025
nvd1cve1cvelist1vulnrichment1prion1