CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2021-20487
https://notcve.org/view.php?id=CVE-2021-20487
26 May 2021 — IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. IBM Power9 Self Boot Engine (SBE), podría permitir a un usuario privilegiado inyectar código malicioso y comprometer la integridad del firmware del host al omitir el proceso de comprobación de la firma del firmware del host • https://exchange.xforce.ibmcloud.com/vulnerabilities/197730 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.9EPSS: 0%CPEs: 22EXPL: 0CVE-2018-1992
https://notcve.org/view.php?id=CVE-2018-1992
21 Mar 2019 — The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instr... • https://exchange.xforce.ibmcloud.com/vulnerabilities/154345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •