Lucene search
K

145 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 3:31 p.m.25 views

Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018

Summary An attacker with access to the host could send malformed commands to the TPM which would result in a TPM DoS. A complete power cycle of the system is required to recover. Vulnerability Details CVEID:CVE-2023-1017 DESCRIPTION: Trusted Computing Group Trusted Platform Module could allow a...

7.8CVSS7.2AI score0.05552EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 5:37 p.m.19 views

Security Bulletin: This Power System update is being released to address CVE-2024-31916

Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details CVEID:CVE-2024-31916 DESCRIPTION: IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that...

7.5CVSS7.4AI score0.0055EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 5:31 p.m.29 views

Security Bulletin: This Power System update is being released to address CVE-2023-48795

Summary This affects the BMC's secure shell SSH interfaces which provides service access to the BMC's command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection security...

5.9CVSS6.6AI score0.9378EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 5:22 p.m.18 views

Security Bulletin: This Power System update is being released to address CVE-2023-45857

Summary This affects the BMC's ASMi web application. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value in al...

6.5CVSS6.5AI score0.00556EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:44 p.m.31 views

Security Bulletin: This Power System update is being released to address CVE-2022-4304

Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

5.9CVSS6.7AI score0.16195EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:42 p.m.37 views

Security Bulletin: This Power System update is being released to address CVE 2020-10735

Summary BMC firmware version OP910 uses Python to help serve HTTPS requests but Python is not used to process the request body, so this access vector is not vulnerable the Python long integer vulnerability. A BMC administrator who uses Python from the BMC's command line is subject to this...

7.5CVSS7.6AI score0.03213EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 4:7 p.m.35 views

Security Bulletin: This Power System update is being released to address CVE-2021-3505

Summary A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...

5.5CVSS5.2AI score0.00404EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 9:52 p.m.17 views

Security Bulletin: This Power System update is being released to address CVE-2023-46183

Summary A vulnerability was identifed where sensitive partition data controlled by PowerVM may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-46183 DESCRIPTION: IBM PowerVM Hypervisor could allow a system administrator to obtain sensitive partition information. CVSS...

5.3CVSS4.6AI score0.00168EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 10:11 p.m.20 views

Security Bulletin: This Power System update is being released to address CVE-2023-33851

Summary A vulnerability was identifed where sensitive partition data may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-33851 DESCRIPTION: IBM PowerVM Hypervisor could reveal sensitive partition data to a system administrator. CVSS Base score: 5.3 CVSS Temporal Scor...

5.3CVSS5AI score0.00374EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.5 views

IBM PowerSC 加密问题漏洞

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an encryption issue vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decry...

7.5CVSS6.5AI score0.00337EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 2:22 p.m.40 views

Security Bulletin: This Power System update is being released to address CVE-2022-4304 CVE-2022-4450 CVE-2023-0215, and CVE-2023-0286

Summary The OpenSSL library is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, and CVE-2023-0286, b...

7.5CVSS7.6AI score0.59501EPSS
Exploits0
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.5 views

Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder 路径遍历漏洞

Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder is a software tool for power system monitoring and control from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder that...

8.1CVSS7.7AI score0.00379EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.5 views

Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet 安全漏洞

Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. monitoring equipment of the power system. A security...

5.7CVSS5.9AI score0.00363EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.5 views

Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet 安全漏洞

Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. monitoring equipment of the power system. A security...

6.5CVSS6.8AI score0.00394EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.6 views

Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet 安全漏洞

Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. monitoring equipment of the power system. A security...

6.5CVSS6.5AI score0.00312EPSS
Exploits0References3
Akamai Blog
Akamai Blog
added 2023/07/21 1:0 p.m.17 views

ZEROgrid: A Dependable, Cost-Effective, Low-Emission Power System

...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 10:18 p.m.81 views

Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018

Summary TCG Trusted Platform Module code is used by PowerVM to support virtual TPM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2023-1017 and CVE-2023-1018, by upgrading PowerVM and thus addressing the exposure to the TCG TPM vulnerability. Vulnerability Details...

7.8CVSS7.1AI score0.05552EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 7:32 p.m.36 views

Security Bulletin: This Power System update is being released to address CVE 2023-30440

Summary A vulnerability was identified internally by IBM related to SRIOV virtual function support in PowerVM. An attacker with privileged user access to a logical partition that has an assigned SRIOV virtual function VF may be able to create a Denial of Service of the VF assigned to other logica...

7.9CVSS6.8AI score0.00184EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.4 views

Altenergy Power System Control Software 数据伪造问题漏洞

Altenergy Power System Control Software is microinverter control software from Altenergy Power System. A security vulnerability exists in Altenergy Power System Control Software version C1.2.5, which was discovered to contain a Remote Code Execution RCE vulnerability via component...

7.2CVSS7.2AI score0.00698EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.4 views

Altenergy Power System Control Software 操作系统命令注入漏洞

Altenergy Power System Control Software is microinverter control software from Altenergy Power System. A security vulnerability exists in AlAltenergy Power System Control Software version C1.2.5, which originates from an operating system command injection vulnerability...

9.8CVSS8.4AI score0.85332EPSS
Exploits5References6
Rows per page
Query Builder