CVE-2022-22374

CRITICAL

IBM Power 9 AC922 Firmware - Firmware Downgrade Attack via BMC

Title source: llm
STIX 2.1

Description

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6565075
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/221442

Scores

CVSS v3 9.1
EPSS 0.0025
EPSS Percentile 48.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

Status published
Products (4)
ibm/power_9_ac922_firmware op910
ibm/power_9_ac922_firmware op920
ibm/power_9_ac922_firmware op930
ibm/power_9_ac922_firmware op940
Published Mar 24, 2022
Tracked Since Feb 18, 2026