CVE-2022-22488 – IBM OpenBMC denial of service
https://notcve.org/view.php?id=CVE-2022-22488
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337. IBM OpenBMC OP910 y OP940 podrían permitir que un usuario privilegiado provoque una Denegación de Servicio (DoS) cargando o eliminando demasiados certificados de CA en un corto período de tiempo. ID de IBM X-Force: 2226337. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226337 https://www.ibm.com/support/pages/node/6840155 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-29891
https://notcve.org/view.php?id=CVE-2021-29891
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. IBM OPENBMC versiones OP910 y OP940, podrían permitir a un usuario privilegiado cargar un certificado de identidad de sitio inapropiado que podría causar la pérdida de servicios de red. IBM X-Force ID: 207221. • https://exchange.xforce.ibmcloud.com/vulnerabilities/207221 https://www.ibm.com/support/pages/node/6614233 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-38960
https://notcve.org/view.php?id=CVE-2021-38960
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. IBM OPENBMC OP920, OP930 y OP940, podrían permitir a un usuario no autenticado obtener información confidencial. IBM X-Force ID: 212047 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212047 https://www.ibm.com/support/pages/node/6529322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-20487
https://notcve.org/view.php?id=CVE-2021-20487
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. IBM Power9 Self Boot Engine (SBE), podría permitir a un usuario privilegiado inyectar código malicioso y comprometer la integridad del firmware del host al omitir el proceso de comprobación de la firma del firmware del host • https://exchange.xforce.ibmcloud.com/vulnerabilities/197730 https://www.ibm.com/support/pages/node/6455911 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2019-4169
https://notcve.org/view.php?id=CVE-2019-4169
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. IBM Open Power versiones de Firmware OP910 y OP920, podrían permitir el acceso a BMC por medio de IPMI usando la contraseña OpenBMC predeterminada incluso después de que la contraseña de BMC fue cambiada alejada de la contraseña predeterminada. ID de IBM X-Force: 158702. • http://www.ibm.com/support/docview.wss?uid=ibm10881209 https://exchange.xforce.ibmcloud.com/vulnerabilities/158702 • CWE-1188: Initialization of a Resource with an Insecure Default •