CVE-2024-41781

MEDIUM

IBM PowerVM Hypervisor - Info Disclosure

Title source: llm

Description

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7172698

Scores

CVSS v3 5.1

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (1)

ibm/powervm_hypervisor fw950.00 - fw950.b0

Published Nov 22, 2024

Tracked Since Feb 18, 2026