IBM PowerVM Hypervisor Platform KeyStore Service Access Vulnerability
CVE-2024-41781 Published on November 22, 2024
IBM PowerVM Hypervisor information disclosure
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore.
Vulnerability Analysis
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2024-41781
Want to know whenever a new CVE is published for IBM Powervm Hypervisor? stack.watch will email you.
Affected Versions
IBM PowerVM Hypervisor:- Version FW950.00, <= FW950.90 is affected.
- Version FW1030.00, <= FW1030.60 is affected.
- Version FW1050.00, <= FW1050.20 is affected.
- Version FW1060.00, <= FW1060.10 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.