9.1

CVE-2021-20487

IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process.

Data is provided by the National Vulnerability Database (NVD)
IBM Power9 System Firmware Version >= fw930.00 < fw930.30
   IBM 9008-22l Version -
   IBM 9009-22a Version -
   IBM 9009-41a Version -
   IBM 9009-42a Version -
   IBM 9040-mr9 Version -
   IBM 9080-m9s Version -
   IBM 9223-22h Version -
   IBM 9223-42h Version -
IBM Power9 System Firmware Version >= fw940.00 < fw940.20
   IBM 9008-22l Version -
   IBM 9009-22a Version -
   IBM 9009-41a Version -
   IBM 9009-42a Version -
   IBM 9040-mr9 Version -
   IBM 9080-m9s Version -
   IBM 9223-22h Version -
   IBM 9223-42h Version -
IBM Power9 System Firmware Version < fw950.00
   IBM 9009-22g Version -
   IBM 9009-41g Version -
   IBM 9009-42g Version -
   IBM 9223-22s Version -
   IBM 9223-42s Version -
IBM Scale-out Lc System Firmware Version < op940.20
   IBM 8335-gth Version -
   IBM 8335-gtx Version -
   IBM 9183-22x Version -
No CISA KEV or CERT.AT warning was found for this CVE.
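EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.13% | 0.289 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 9.1 | 2.3 | 6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| psirt@us.ibm.com | 8 | 1.3 | 6 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
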
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.