SPS

CVEs (15)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-35191	Intel SPS	Med	0.44	6.8	0.00	Mar 14, 2024	Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.
CVE-2025-20067	Intel CSME	Med	0.39	6.0	0.00	Aug 12, 2025	Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-45164	Intel SPS		0.00	—	0.00	Nov 4, 2024	Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert…
CVE-2023-29153	Intel SPS		0.00	—	0.00	Feb 14, 2024	Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.
CVE-2022-36794	Intel SPS		0.00	—	0.00	Feb 16, 2023	Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-36348	Intel SPS		0.00	—	0.00	Feb 16, 2023	Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-29515	Intel SPS		0.00	—	0.00	Nov 11, 2022	Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-29466	Intel SPS		0.00	—	0.00	Nov 11, 2022	Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-26074	Intel SPS		0.00	—	0.00	Aug 18, 2022	Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-24509	Intel SPS		0.00	—	0.00	Jun 9, 2021	Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-11109	Intel SPS		0.00	—	0.00	Dec 18, 2019	Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2019-11090	Intel SPS		0.00	—	0.04	Dec 18, 2019	Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0,…
CVE-2019-0093	Intel CSME		0.00	—	0.00	May 17, 2019	Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-0099	Intel SPS		0.00	—	0.00	May 17, 2019	Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2019-0089	Intel SPS		0.00	—	0.00	May 17, 2019	Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2023-35191MedMar 14, 2024
Intel
SPS
risk 0.44cvss 6.8epss 0.00
Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.
CVE-2025-20067MedAug 12, 2025
Intel
CSME
risk 0.39cvss 6.0epss 0.00
Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-45164Nov 4, 2024
Intel
SPS
risk 0.00cvss —epss 0.00
Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert…
CVE-2023-29153Feb 14, 2024
Intel
SPS
risk 0.00cvss —epss 0.00
Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.
CVE-2022-36794Feb 16, 2023
Intel
SPS
risk 0.00cvss —epss 0.00
Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-36348Feb 16, 2023
Intel
SPS
risk 0.00cvss —epss 0.00
Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-29515Nov 11, 2022
Intel
SPS
risk 0.00cvss —epss 0.00
Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-29466Nov 11, 2022
Intel
SPS
risk 0.00cvss —epss 0.00
Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-26074Aug 18, 2022
Intel
SPS
risk 0.00cvss —epss 0.00
Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-24509Jun 9, 2021
Intel
SPS
risk 0.00cvss —epss 0.00
Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-11109Dec 18, 2019
Intel
SPS
risk 0.00cvss —epss 0.00
Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2019-11090Dec 18, 2019
Intel
SPS
risk 0.00cvss —epss 0.04
Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0,…
CVE-2019-0093May 17, 2019
Intel
CSME
risk 0.00cvss —epss 0.00
Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2019-0099May 17, 2019
Intel
SPS
risk 0.00cvss —epss 0.00
Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2019-0089May 17, 2019
Intel
SPS
risk 0.00cvss —epss 0.00
Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.