Security Bulletin: This Power System update is being released to address CVE-2024-35124

Summary The BMC is vulnerable during the time it is connected to the network and does not yet have its "admin" account password set. Vulnerability Details CVEID:CVE-2024-35124 DESCRIPTION: During OpenBMC new installation, an attacker with network access gain administrative access even if the...

CVE-2023-33851

IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135...

CVE-2022-37395

CVE-2022-37395 affects Huawei CV81-WDM FW version 01.70.49.29.46 and describes an input verification vulnerability that can be exploited remotely to cause a Denial of Service. Multiple connected sources corroborate the issue and the affected product, including Huawei’s PSIRT advisory and vendor/R...

Design/Logic Flaw

This vulnerability affects all of the company's products that also include the FW versions: updatei90cv2.021b20210104, updatei50v1.0.55b20200509, updatex6v2.1.2b202001127, updateb5v2.0.9b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their...

CVE-2022-30627 Chcnav - P5E GNSS Information disclosure hard coded credentials.

This vulnerability affects all of the company's products that also include the FW versions: updatei90cv2.021b20210104, updatei50v1.0.55b20200509, updatex6v2.1.2b202001127, updateb5v2.0.9b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their...

CVE-2022-29798

There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service...

Authentication flaw

The product M2M ETHERNET FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism...