Vulnerabilities related to IBM - Power Hardware Management Console
var-202112-1977
Vulnerability from variot
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 205267. IBM Power System S821LC Server (8001-12C) contains an unspecified vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 205267. Information may be obtained.
Power System firmware has security vulnerabilities that attackers can exploit, using man-in-the-middle techniques, to obtain sensitive information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1977", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "power system s821lc \\", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "op825.51" }, { "model": "power hardware management console \\", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "op825.51" }, { "model": "power system cs821lc \\", 
"scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "op825.51" }, { "model": "power system s822lc \\", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "op825.51" }, { "model": "power system cs822lc \\", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "op825.51" }, { "model": "power system s822lc", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "power system s821lc", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "power system cs822lc", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "power system cs821lc", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "power hardware management console", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "power system", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "NVD", "id": "CVE-2021-29847" } ] }, "cve": "CVE-2021-29847", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-29847", 
"impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2021-102815", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2021-29847", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "id": "CVE-2021-29847", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-29847", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", 
"id": "CVE-2021-29847", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-29847", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-29847", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2021-102815", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202112-1263", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "CNNVD", "id": "CNNVD-202112-1263" }, { "db": "NVD", "id": "CVE-2021-29847" }, { "db": "NVD", "id": "CVE-2021-29847" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. IBM Power System S821LC Server (8001-12C) There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 205267 It is published as.Information may be obtained. 
\n\r\n\r\nPower System firmware has security loopholes, which can be exploited by attackers to use man-in-the-middle technology to obtain sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2021-29847" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "CNVD", "id": "CNVD-2021-102815" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29847", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2021-016438", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-102815", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1263", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "CNNVD", "id": "CNNVD-202112-1263" }, { "db": "NVD", "id": "CVE-2021-29847" } ] }, "id": "VAR-202112-1977", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" } ], "trust": 1.225 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" } ] }, "last_update_date": "2024-08-14T14:31:28.462000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6520420 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, 
"url": "https://www.ibm.com/support/pages/node/6520420" }, { "title": "Patch for Unidentified vulnerabilities in IBM Power System", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/310781" }, { "title": "IBM Power System Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174559" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "CNNVD", "id": "CNNVD-202112-1263" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "NVD", "id": "CVE-2021-29847" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.ibm.com/support/pages/node/6520420" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29847" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205267" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-102815" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "CNNVD", "id": "CNNVD-202112-1263" }, { "db": "NVD", "id": "CVE-2021-29847" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-102815" }, { "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "db": "CNNVD", "id": "CNNVD-202112-1263" }, { "db": "NVD", "id": "CVE-2021-29847" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-28T00:00:00", "db": "CNVD", "id": "CNVD-2021-102815" }, { "date": "2022-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1263" }, { "date": "2021-12-15T20:15:08.317000", "db": "NVD", "id": "CVE-2021-29847" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-28T00:00:00", "db": "CNVD", "id": "CNVD-2021-102815" }, { "date": "2022-12-14T08:15:00", "db": "JVNDB", "id": "JVNDB-2021-016438" }, { "date": "2021-12-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1263" }, { "date": "2021-12-21T00:37:10.883000", "db": "NVD", "id": "CVE-2021-29847" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1263" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Power\u00a0System\u00a0S821LC\u00a0Server\u00a0(8001-12C)\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-016438" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1263" } ], "trust": 0.6 } }
var-201208-0620
Vulnerability from variot
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, do not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. A local attacker may exploit this issue to execute arbitrary code with Local System privileges. Successful exploits will result in the complete compromise of affected computers. The vulnerability is caused by the VIOS viosrvcmd command not being properly restricted.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0620", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "power hardware management console", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7r7.1.0" }, { "model": "power hardware management console", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7r7.3.0" }, { "model": "systems director 
management console", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6r7.3.0" }, { "model": "power hardware management console", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7r3.5.0" }, { "model": "power hardware management console", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7r7.2.0" }, { "model": "hardware management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "sp4" }, { "model": "systems director management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "sp2" }, { "model": "hardware management console", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7r3.5.0" }, { "model": "hardware management console", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7r7.3.0" }, { "model": "hardware management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7r7.2.0 sp3" }, { "model": "hardware management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "sp2" }, { "model": "systems director management console", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6r7.3.0" }, { "model": "hardware management console", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7r7.2.0" }, { "model": "hardware management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7r7.1.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "db": "CNNVD", "id": "CNNVD-201208-013" }, { "db": "NVD", "id": "CVE-2012-2188" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:ibm:power_hardware_management_console_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:ibm:systems_director_management__console_firmware", "vulnerable": true } ], 
"operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003476" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CitiGroup Inc", "sources": [ { "db": "BID", "id": "54844" } ], "trust": 0.3 }, "cve": "CVE-2012-2188", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2012-2188", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-55469", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-2188", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": 
"CVE-2012-2188", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201208-013", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-55469", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-55469" }, { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "db": "CNNVD", "id": "CNNVD-201208-013" }, { "db": "NVD", "id": "CVE-2012-2188" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) \u0026 (ampersand) character. \nA local attacker may exploit this issue to execute arbitrary code with Local System privileges. Successful exploits will result in the complete compromise of affected computers. 
The vulnerability is caused by not properly restricting the VIOS viosrvcmd command", "sources": [ { "db": "NVD", "id": "CVE-2012-2188" }, { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "db": "BID", "id": "54844" }, { "db": "VULHUB", "id": "VHN-55469" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-2188", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2012-003476", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201208-013", "trust": 0.7 }, { "db": "AIXAPAR", "id": "MB03548", "trust": 0.6 }, { "db": "AIXAPAR", "id": "MB03554", "trust": 0.6 }, { "db": "AIXAPAR", "id": "MB03550", "trust": 0.6 }, { "db": "AIXAPAR", "id": "MB03580", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20263", "trust": 0.6 }, { "db": "XF", "id": "75906", "trust": 0.6 }, { "db": "BID", "id": "54844", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-55469", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-55469" }, { "db": "BID", "id": "54844" }, { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "db": "CNNVD", "id": "CNNVD-201208-013" }, { "db": "NVD", "id": "CVE-2012-2188" } ] }, "id": "VAR-201208-0620", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-55469" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:12:54.795000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Bulletin: Power HMC viosrvcmd command allows elevated privilege on VIOS (CVE-2012-2188)", "trust": 0.8, 
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825?lang=ja" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003476" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-55469" }, { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "db": "NVD", "id": "CVE-2012-2188" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=isg1mb03548" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=isg1mb03550" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=isg1mb03554" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=isg1mb03580" }, { "trust": 1.7, "url": "http://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75906" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2188" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2188" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/75906" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20263" }, { "trust": 0.3, "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-55469" }, { "db": "BID", "id": "54844" }, { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { 
"db": "CNNVD", "id": "CNNVD-201208-013" }, { "db": "NVD", "id": "CVE-2012-2188" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-55469" }, { "db": "BID", "id": "54844" }, { "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "db": "CNNVD", "id": "CNNVD-201208-013" }, { "db": "NVD", "id": "CVE-2012-2188" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-08-06T00:00:00", "db": "VULHUB", "id": "VHN-55469" }, { "date": "2012-08-07T00:00:00", "db": "BID", "id": "54844" }, { "date": "2012-08-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "date": "2012-08-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201208-013" }, { "date": "2012-08-06T16:55:03.260000", "db": "NVD", "id": "CVE-2012-2188" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULHUB", "id": "VHN-55469" }, { "date": "2012-08-07T00:00:00", "db": "BID", "id": "54844" }, { "date": "2012-08-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-003476" }, { "date": "2012-08-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201208-013" }, { "date": "2024-11-21T01:38:40.497000", "db": "NVD", "id": "CVE-2012-2188" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "54844" }, { "db": "CNNVD", "id": "CNNVD-201208-013" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM HMC and SDMC Vulnerability gained 
in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-003476" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201208-013" } ], "trust": 0.6 } }
CVE-2024-56477 (GCVE-0-2024-56477)
Vulnerability from cvelistv5
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7183224 | vendor-advisory |
| Vendor | Product | Version |
|---|---|---|
| IBM | Power Hardware Management Console | Version: 10.3.1050.0 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-56477", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-14T14:56:34.649052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-14T14:56:48.942Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Power Hardware Management Console", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.3.1050.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." } ], "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-14T14:49:45.839Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7183224" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Power Hardware Management Console directory traversal", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-56477", "datePublished": "2025-02-14T14:49:45.839Z", "dateReserved": "2024-12-26T12:51:40.265Z", "dateUpdated": "2025-02-14T14:56:48.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }