CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56477 – IBM Power Hardware Management Console directory traversal
https://notcve.org/view.php?id=CVE-2024-56477
14 Feb 2025 — IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7183224 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38280 – IBM Power HMC privilege escalation
https://notcve.org/view.php?id=CVE-2023-38280
16 Oct 2023 — IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. IBM HMC (Hardware Management Console) 10.1.1010.0 y 10.2.1030.0 podría permitir a un usuario local escalar sus privilegios al acceso root en un shell restringido. ID de IBM X-Force: 260740. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260740 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29891
https://notcve.org/view.php?id=CVE-2021-29891
22 Aug 2022 — IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. IBM OPENBMC versiones OP910 y OP940, podrían permitir a un usuario privilegiado cargar un certificado de identidad de sitio inapropiado que podría causar la pérdida de servicios de red. IBM X-Force ID: 207221. • https://exchange.xforce.ibmcloud.com/vulnerabilities/207221 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-38960
https://notcve.org/view.php?id=CVE-2021-38960
04 Feb 2022 — IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. IBM OPENBMC OP920, OP930 y OP940, podrían permitir a un usuario no autenticado obtener información confidencial. IBM X-Force ID: 212047 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212047 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29847
https://notcve.org/view.php?id=CVE-2021-29847
15 Dec 2021 — BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. La configuración del firmware de BMC (IBM Power System S821LC Server (8001-12C) OP825.50) ha cambiado para permitir que un usuario autenticado abra un canal de comunicación no seguro que podría permitir a un atacante conseguir in... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205267 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29707
https://notcve.org/view.php?id=CVE-2021-29707
19 Jul 2021 — IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. IBM HMC (Hardware Management Console) versiones V9.1.910.0 y V9.2.950.0, podría permitir a un usuario local escalar sus privilegios hasta el acceso de root en un shell restringido. IBM X-Force ID: 200879 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200879 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0883 – IBM Power Hardware Management Console cross-site scripting
https://notcve.org/view.php?id=CVE-2014-0883
20 Apr 2018 — IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 hasta 7R7.3.5, 7R7.7.0 hasta SP3 y 7R7.8.0 anterior al SP1 permite que atacantes remotos inyec... • https://exchange.xforce.ibmcloud.com/vulnerabilities/91163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1134
https://notcve.org/view.php?id=CVE-2017-1134
20 Mar 2017 — IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. IBM Reliable Scalable Cluster Technology podría permitir a un usuario local escalar sus privilegios para obtener acceso de root. Referencia IBM: 1998459. • http://www.ibm.com/support/docview.wss?uid=swg21998459 •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5011 – util-linux: Extended partition loop in MBR partition table leads to DOS
https://notcve.org/view.php?id=CVE-2016-5011
04 Nov 2016 — The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. La función parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes físicamente próximos provocar una denegación de servicio (consumo de memoria) a través de una tabla de particiones MSDOS manipulada c... • http://rhn.redhat.com/errata/RHSA-2016-2605.html •
CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0230
https://notcve.org/view.php?id=CVE-2016-0230
07 Jul 2016 — IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors. IBM Power Hardware Management Console (HMC) 7.3 hasta la versión 7.3.0 SP7, 7.9 hasta la versión 7.9.0 SP3, 8.1 hasta la versión 8.1.0 SP3, 8.2 hasta la versión 8.2.0 SP2, 8.3 hasta la versión 8.3.0 SP2, 8.4 hasta la versión 8.4.0 SP1 ... • http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387 • CWE-264: Permissions, Privileges, and Access Controls •