The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM Virtualization Engine TS7700 has addressed the vulnerability.
CVEID: CVE-2021-29908
**DESCRIPTION:** The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207747 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Only the following versions of microcode for the IBM Virtualization Engine TS7700 (3957-VEC and 3957-VED) are affected:
Machine Type | Model | Version |
---|---|---|
3957 | VEC | 8.51.0.63 |
3957 | VEC | 8.51.1.26 |
3957 | VEC | 8.52.100.32 |
3957 | VED | 8.51.0.63 |
3957 | VED | 8.51.1.26 |
3957 | VED | 8.52.100.32 |
Contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate code-specific VTD_EXEC (900 or 901) as needed. Affected microcode versions are shown below:
Machine Type | Model | Fix |
---|---|---|
3957 | VEC | If using 8.51.0.63, upgrade to 8.51.1.26, then apply VTD_EXEC.900 |
3957 | VEC | If using 8.51.1.26, apply VTD_EXEC.900 |
3957 | VEC | If using 8.52.100.32, apply VTD_EXEC.901 |
3957 | VED | If using 8.51.0.63, upgrade to 8.51.1.26, then apply VTD_EXEC.900 |
3957 | VED | If using 8.51.1.26, apply VTD_EXEC.900 |
3957 | VED | If using 8.52.100.32, apply VTD_EXEC.901 |
The minimum VTD_EXEC version is shown below:
VTD_EXEC Package | Version |
---|---|
VTD_EXEC.900 | v1.03 |
VTD_EXEC.901 | v1.02 |
None