Jun 27, 2023 - 10:55 p.m.

Security Bulletin: This Power System update is being released to address CVE-2023-25683

2023-06-27 22:55:44
www.ibm.com
ibm
powervm hypervisor
cve-2023-25683
sensitive information
fsp-based systems
ebmc-based systems
fw950.80
fw1010.51
fw1030.20
power 9
power 10
security bulletin

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 41.4%

Summary

The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC.

Vulnerability Details

**CVEID:** CVE-2023-25683
**DESCRIPTION:** IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247592 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

This CVE only affects FSP-based systems. All eBMC-based systems are unaffected.

| Affected Product(s) | Version(s) |
| --- | --- |
| PowerVM Hypervisor | FW1030.00 - FW1030.11 |
| PowerVM Hypervisor | FW1010.00 - FW1010.40 |
| PowerVM Hypervisor | FW950.00 - FW950.71 |

Remediation/Fixes

Customers with the products below should install FW950.80 (950_131) or newer to remediate this vulnerability.

Power 9

  1. IBM Power System L922 (9008-22L)

  2. IBM Power System S922 (9009-22A, 9009-22G)

  3. IBM Power System H922 (9223-22H, 9223-22S)

  4. IBM Power System S914 (9009-41A, 9009-41G)

  5. IBM Power System S924 (9009-42A, 9009-42G)

  6. IBM Power System H924 (9223-42H, 9223-42S)

  7. IBM Power System E950 (9040-MR9)

  8. IBM Power System E980 (9080-M9S)

Customers with the products below should install FW1010.51 (1010_163), FW1030.20 (1030_058) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System E1080 (9080-HEX)

Workarounds and Mitigations

None
