Lucene search

[email protected]CVE-2020-4788

HistoryNov 20, 2020 - 4:15 a.m.

CVE-2020-4788

2020-11-2004:15:11

[email protected]

web.nvd.nist.gov

265

ibm

power9

aix

vios

processor

local user

sensitive information

leakage

ibm x-force

nvd

cve-2020-4788

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.9%

JSON

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

Affected configurations

Vulners

NVD

Node

ibmpowervm_virtual_i\/o_serverMatch3.1

ibmaixMatch7.1

ibmaixMatch7.2

VendorProductVersionCPE
ibmpowervm_virtual_i\/o_server3.1cpe:2.3:a:ibm:powervm_virtual_i\/o_server:3.1:*:*:*:*:*:*:*
ibmaix7.1cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
ibmaix7.2cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	powervm_virtual_i\/o_server	3.1	cpe:2.3:a:ibm:powervm_virtual_i\/o_server:3.1:::::::*
ibm	aix	7.1	cpe:2.3:o:ibm:aix:7.1:::::::*
ibm	aix	7.2	cpe:2.3:o:ibm:aix:7.2:::::::*

CNA Affected

[
  {
    "product": "VIOS ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.1"
      }
    ]
  },
  {
    "product": "AIX",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.2"
      }
    ]
  }
]