CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
39.9%
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | power9_system_firmware | * | cpe:2.3:o:ibm:power9_system_firmware:*:*:*:*:*:*:*:* |
ibm | 9008-22l | - | cpe:2.3:h:ibm:9008-22l:-:*:*:*:*:*:*:* |
ibm | 9009-22a | - | cpe:2.3:h:ibm:9009-22a:-:*:*:*:*:*:*:* |
ibm | 9009-41a | - | cpe:2.3:h:ibm:9009-41a:-:*:*:*:*:*:*:* |
ibm | 9009-42a | - | cpe:2.3:h:ibm:9009-42a:-:*:*:*:*:*:*:* |
ibm | 9040-mr9 | - | cpe:2.3:h:ibm:9040-mr9:-:*:*:*:*:*:*:* |
ibm | 9080-m9s | - | cpe:2.3:h:ibm:9080-m9s:-:*:*:*:*:*:*:* |
ibm | 9223-22h | - | cpe:2.3:h:ibm:9223-22h:-:*:*:*:*:*:*:* |
ibm | 9223-42h | - | cpe:2.3:h:ibm:9223-42h:-:*:*:*:*:*:*:* |
ibm | 9009-22g | - | cpe:2.3:h:ibm:9009-22g:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
39.9%