
CVE-2024-45094 – IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45094
27 May 2025 — IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7234276 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1951 – IBM Hardware Management Console - Power Systems command execution
https://notcve.org/view.php?id=CVE-2025-1951
22 Apr 2025 — IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. • https://www.ibm.com/support/pages/node/7231389 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-1950 – IBM Hardware Management Console - Power Systems command execution
https://notcve.org/view.php?id=CVE-2025-1950
22 Apr 2025 — IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. • https://www.ibm.com/support/pages/node/7231507 • CWE-114: Process Control •

CVE-2024-56477 – IBM Power Hardware Management Console directory traversal
https://notcve.org/view.php?id=CVE-2024-56477
14 Feb 2025 — IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7183224 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-38280 – IBM Power HMC privilege escalation
https://notcve.org/view.php?id=CVE-2023-38280
16 Oct 2023 — IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260740 • CWE-269: Improper Privilege Management •

CVE-2021-29891
https://notcve.org/view.php?id=CVE-2021-29891
22 Aug 2022 — IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. • https://exchange.xforce.ibmcloud.com/vulnerabilities/207221 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2021-38960
https://notcve.org/view.php?id=CVE-2021-38960
04 Feb 2022 — IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. • https://exchange.xforce.ibmcloud.com/vulnerabilities/212047 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2021-29847
https://notcve.org/view.php?id=CVE-2021-29847
15 Dec 2021 — BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205267 •

CVE-2021-29707
https://notcve.org/view.php?id=CVE-2021-29707
19 Jul 2021 — IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200879 •

CVE-2014-0883 – IBM Power Hardware Management Console cross-site scripting
https://notcve.org/view.php?id=CVE-2014-0883
20 Apr 2018 — IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject... • https://exchange.xforce.ibmcloud.com/vulnerabilities/91163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •