CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2023-30438 – IBM PowerVM gain access
https://notcve.org/view.php?id=CVE-2023-30438
17 May 2023 — An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252706 •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22309
https://notcve.org/view.php?id=CVE-2022-22309
24 May 2022 — The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095. El FSP de los sistemas POWER es vulnerable a los inicios de sesión no autenticados mediante el puerto serie/interfaz TTY. Esta vulnerabilidad puede ser más crítica si el puerto serie está conectado a un dispositivo serial-over-lan. • https://exchange.xforce.ibmcloud.com/vulnerabilities/217095 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.9EPSS: 0%CPEs: 22EXPL: 0CVE-2018-1992
https://notcve.org/view.php?id=CVE-2018-1992
21 Mar 2019 — The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instr... • https://exchange.xforce.ibmcloud.com/vulnerabilities/154345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •