CVE-2023-30438 – IBM PowerVM gain access
https://notcve.org/view.php?id=CVE-2023-30438
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 https://www.ibm.com/support/pages/node/6993021 •
CVE-2022-34331 – IBM Power FW security bypass
https://notcve.org/view.php?id=CVE-2022-34331
After performing a sequence of Power FW950, FW1010 maintenance operations, an SRIOV network adapter can be improperly configured, leading to the desired VEPA configuration being disabled. IBM X-Force ID: 229695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229695 https://www.ibm.com/support/pages/node/6833632 • CWE-287: Improper Authentication •
CVE-2022-22445
https://notcve.org/view.php?id=CVE-2022-22445
An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. • https://exchange.xforce.ibmcloud.com/vulnerabilities/224546 https://www.ibm.com/support/pages/node/6604071 •
CVE-2021-38918
https://notcve.org/view.php?id=CVE-2021-38918
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations, could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210019 https://www.ibm.com/support/pages/node/6525032 •
CVE-2021-38937
https://notcve.org/view.php?id=CVE-2021-38937
IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210894 https://www.ibm.com/support/pages/node/6525014 •