← Back

CVE-2021-38960

nvd nist
Published: Feb 4, 2022Modified: Jun 17, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.

Affected (7)

Ibm
3 products
Power System Ac922 (8335 Gtx) Firmware
Power System Ac922 (8335 Gth) Firmware
Power Hardware Management Console (7063 Cr2) Firmware
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Power System Ac922 (8335 Gtx) Firmware
Version op920
Power System Ac922 (8335 Gtx) Firmware
Version op930
Power System Ac922 (8335 Gtx) Firmware
Version op940
Running on/withPlatform Versions
Ibm
Power System Ac922 (8335 Gtx)
All versions
Configuration B
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Power System Ac922 (8335 Gth) Firmware
Version op920
Power System Ac922 (8335 Gth) Firmware
Version op930
Power System Ac922 (8335 Gth) Firmware
Version op940
Running on/withPlatform Versions
Ibm
Power System Ac922 (8335 Gth)
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Power Hardware Management Console (7063 Cr2) Firmware
Version op940
Running on/withPlatform Versions
Ibm
Power Hardware Management Console (7063 Cr2)
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.