OPENBMC OP910
by IBM
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7254 | Med | 0.34 | 5.3 | 0.00 | May 27, 2026 | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | ||
| CVE-2024-35124 | 0.00 | — | 0.00 | Aug 13, 2024 | A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. | |||
| CVE-2024-31916 | 0.00 | — | 0.01 | Jun 27, 2024 | IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. | |||
| CVE-2022-22488 | 0.00 | — | 0.00 | Nov 18, 2022 | IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337. | |||
| CVE-2021-29891 | 0.00 | — | 0.00 | Aug 22, 2022 | IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. | |||
| CVE-2021-38960 | 0.00 | — | 0.01 | Feb 4, 2022 | IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | |||
| CVE-2021-38961 | 0.00 | — | 0.01 | Dec 27, 2021 | IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049. |
- risk 0.34cvss 5.3epss 0.00
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
- CVE-2024-35124Aug 13, 2024risk 0.00cvss —epss 0.00
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
- CVE-2024-31916Jun 27, 2024risk 0.00cvss —epss 0.01
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026.
- CVE-2022-22488Nov 18, 2022risk 0.00cvss —epss 0.00
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.
- CVE-2021-29891Aug 22, 2022risk 0.00cvss —epss 0.00
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.
- CVE-2021-38960Feb 4, 2022risk 0.00cvss —epss 0.01
IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.
- CVE-2021-38961Dec 27, 2021risk 0.00cvss —epss 0.01
IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.