CVE-2021-20487
CRITICALIBM Power9 & Scale-Out LC Firmware <fw930.30/op940.20 - Signature Verification Bypass
Title source: llmDescription
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6455911
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/197730
Scores
CVSS v3
9.1
EPSS
0.0068
EPSS Percentile
47.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-347
Status
published
Products (2)
ibm/power9_system_firmware
fw930.00 - fw930.30
ibm/scale-out_lc_system_firmware
< op940.20
Published
May 26, 2021
Tracked Since
Feb 18, 2026