Sensitive Information Disclosure in IBM PowerVM Hypervisor
CVE-2021-29765

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Powervm Hypervisor
Vendor: CVE Published:; 4 August 2021

Summary

The IBM PowerVM Hypervisor FW940 and FW950 are susceptible to an information disclosure vulnerability. This issue arises when an attacker gains service access to the flexible service processor (FSP), potentially allowing the retrieval of sensitive information stored within the system. This vulnerability poses a risk to data confidentiality and requires immediate attention to secure affected installations.

Affected Version(s)

PowerVM Hypervisor FW940

PowerVM Hypervisor FW950

References

https://www.ibm.com/support/pages/node/6478039

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/202476

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 4, 2021
Vulnerability Reserved
Mar 31, 2021