273 matches found
CVE-2022-35643
IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956...
IBM PowerVM Hypervisor 权限许可和访问控制问题漏洞
IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. IBM PowerVM Hypervisor is vulnerable to a...
Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.
Summary PowerVM partition firmware is the portion that executes in each partition during boot. On POWER9 systems an attacker that gains service access to the FSP can compromise partition firmware for any partition configured on the system. On all affected systems an attacker that gains admin...
Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM
Summary OpenSSL is used by PowerVM to support encrypted Logical Partition Mobility. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading PowerVM and thus addressing the exposure to the openssl vulnerability. Vulnerability Details CVEID: CVE-2022-0778...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Dojo cloud allow a remote attacker to execute arbitrary code on the system due to WebSphere Liberty. (CVE-2021-23450)
Summary IBM PowerVM Novalink is vulnerable because Dojo cloud allow a remote attacker to execute arbitrary code on the system due to WebSphere Liberty, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability t...
Security Bulletin: Due to WebSphere Liberty is vulnerable, PowerVM Novalink could allow a remote attacker to hijack the clicking action of the victim.
Summary IBM PowerVM Novalink uses WebSphere Liberty, which is having vulnerabilty. IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker...
IBM VIOS smbcd Input Validation Error Vulnerability
IBM Vios is part of the PowerVm? Editions hardware feature from IBM USA. Helps share physical I/O resources between client logical partitions within a server. An input validation error vulnerability exists in IBM VIOS smbcd that originates from a local denial of service in the daemon. No detailed...
Security Bulletin: IBM PowerVM Novalink is vulnerable to provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications.
Summary IBM PowerVM Novalink, which consumes IBM WebSphere Application Server Liberty 21.0.0.10 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM strongly recommends...
Security Bulletin: IBM PowerVM Novalink could allow a remote authenticated attacker to conduct an LDAP injection.
Summary IBM PowerVM Novalink, which consumes IBM WebSphere Application Server Liberty 21.0.0.10, could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission ...
IBM PowerVM Hypervisor has an unspecified vulnerability (CNVD-2022-03941)
IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. provides a secure and scalable virtualization environment for applications that are built on the advanced RAS capabilities and leading performance of the Power Systems platform.A security vulnerability exists in I...
IBM VIOS operating system command injection vulnerability
IBM Vios is part of IBM USA's PowerVm Editions hardware feature that helps share physical I/O resources between client logical partitions within a server. IBM VIOS lscore has an operating system command injection vulnerability that stems from an lscore command input validation error, and this...
Security Bulletin: IBM PowerVM Novalink is vulnerable to allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system due to Apache Log4j (CVE-2021-44832)
Summary IBM PowerVM Novalink, which consumes Apache Log4j, is subject to CVE-2021-44832, which allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data sour...
CVE-2021-38918
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...
CVE-2021-38918
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...
CVE-2021-38918
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...
Code injection
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...
CVE-2021-38918
CVE-2021-38918 – IBM PowerVM Hypervisor Affected products: IBM PowerVM Hypervisor firmware FW860, FW940, FW950, and FW1010 (Power 8/9/10 platforms listed in the IBM bulletin). What is vulnerable: A specific sequence of VM management operations from the management console (HMC, Novalink, or PowerV...
CVE-2021-38918
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019...
IBM PowerVM Hypervisor Denial of Service Vulnerability
IBM PowerVM Hypervisor is an application from IBM USA, Inc. provides a secure and scalable virtualization environment for applications built on the advanced RAS capabilities and leading performance of the Power Systems platform.A denial-of-service vulnerability exists in IBM PowerVM Hypervisor th...
IBM PowerVM Hypervisor Access Control Error Vulnerability
IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. provides a secure and scalable virtualization environment for applications built on the advanced RAS capabilities and leading performance of the Power Systems platform.An access control error vulnerability exists ...