CVE-2021-29891
https://notcve.org/view.php?id=CVE-2021-29891
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. IBM OPENBMC versiones OP910 y OP940, podrían permitir a un usuario privilegiado cargar un certificado de identidad de sitio inapropiado que podría causar la pérdida de servicios de red. IBM X-Force ID: 207221. • https://exchange.xforce.ibmcloud.com/vulnerabilities/207221 https://www.ibm.com/support/pages/node/6614233 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-38960
https://notcve.org/view.php?id=CVE-2021-38960
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. IBM OPENBMC OP920, OP930 y OP940, podrían permitir a un usuario no autenticado obtener información confidencial. IBM X-Force ID: 212047 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212047 https://www.ibm.com/support/pages/node/6529322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-29847
https://notcve.org/view.php?id=CVE-2021-29847
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. La configuración del firmware de BMC (IBM Power System S821LC Server (8001-12C) OP825.50) ha cambiado para permitir que un usuario autenticado abra un canal de comunicación no seguro que podría permitir a un atacante conseguir información confidencial usando técnicas de tipo man in the middle. IBM X-Force ID: 205267 • https://exchange.xforce.ibmcloud.com/vulnerabilities/205267 https://www.ibm.com/support/pages/node/6520420 •
CVE-2012-2188
https://notcve.org/view.php?id=CVE-2012-2188
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. IBM Power Hardware Management Console (HMC) v7R3.5.0 anteriores a vSP4, v7R7.1.0 y 7R7.2.0 anteriores a v7R7.2.0 SP3, y 7R7.3.0 anteriores a SP2, y Systems Director Management Console (SDMC) v6R7.3.0 anteriores a SP2, no restringe de forma adecuada el comando VIOS viosrvcmd, lo que permite a usuarios locales a obtener privilegios a través de vectores que implican los caracteres (1) $ (signo del dolar) o (2) & (ampersand). • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825 http://www.ibm.com/support/docview.wss?uid=isg1MB03548 http://www.ibm.com/support/docview.wss?uid=isg1MB03550 http://www.ibm.com/support/docview.wss?uid=isg1MB03554 http://www.ibm.com/support/docview.wss?uid=isg1MB03580 https://exchange.xforce.ibmcloud.com/vulnerabilities/75906 • CWE-264: Permissions, Privileges, and Access Controls •