CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29891
https://notcve.org/view.php?id=CVE-2021-29891
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. IBM OPENBMC versiones OP910 y OP940, podrían permitir a un usuario privilegiado cargar un certificado de identidad de sitio inapropiado que podría causar la pérdida de servicios de red. IBM X-Force ID: 207221. • https://exchange.xforce.ibmcloud.com/vulnerabilities/207221 https://www.ibm.com/support/pages/node/6614233 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-38960
https://notcve.org/view.php?id=CVE-2021-38960
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. IBM OPENBMC OP920, OP930 y OP940, podrían permitir a un usuario no autenticado obtener información confidencial. IBM X-Force ID: 212047 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212047 https://www.ibm.com/support/pages/node/6529322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2021-29847
https://notcve.org/view.php?id=CVE-2021-29847
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. La configuración del firmware de BMC (IBM Power System S821LC Server (8001-12C) OP825.50) ha cambiado para permitir que un usuario autenticado abra un canal de comunicación no seguro que podría permitir a un atacante conseguir información confidencial usando técnicas de tipo man in the middle. IBM X-Force ID: 205267 • https://exchange.xforce.ibmcloud.com/vulnerabilities/205267 https://www.ibm.com/support/pages/node/6520420 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0883 – IBM Power Hardware Management Console cross-site scripting
https://notcve.org/view.php?id=CVE-2014-0883
IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 hasta 7R7.3.5, 7R7.7.0 hasta SP3 y 7R7.8.0 anterior al SP1 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el nombre de usuario en la pantalla de inicio de sesión. IBM X-Force ID: 91163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/91163 https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1134
https://notcve.org/view.php?id=CVE-2017-1134
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. IBM Reliable Scalable Cluster Technology podría permitir a un usuario local escalar sus privilegios para obtener acceso de root. Referencia IBM: 1998459. • http://www.ibm.com/support/docview.wss?uid=swg21998459 http://www.securityfocus.com/bid/96764 http://www.securitytracker.com/id/1038389 •