CVE-2021-29891
MEDIUMIBM Power System Ac922 (8335-gtg) Firmware - Unrestricted File Upload
Title source: ruleDescription
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6614233
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/207221
Scores
CVSS v3
4.9
EPSS
0.0013
EPSS Percentile
31.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-434
Status
published
Products (6)
ibm/hardware_management_console_7063-cr2_firmware
op940
ibm/power_system_ac922_\(8335-gtg\)_firmware
op910
ibm/power_system_ac922_\(8335-gth\)_firmware
op910
ibm/power_system_ac922_\(8335-gth\)_firmware
op940
ibm/power_system_ac922_\(8335-gtx\)_firmware
op910
ibm/power_system_ac922_\(8335-gtx\)_firmware
op940
Published
Aug 22, 2022
Tracked Since
Feb 18, 2026