Skip to main content

Openbmc

6 CVEs product

Monthly

CVE-2024-35124 HIGH This Week

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31916 HIGH This Week

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-3409 HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Openbmc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2809 HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow Openbmc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-39296 CRITICAL POC Act Now

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openbmc
NVD GitHub
CVSS 3.1
10.0
EPSS
3.0%
CVE-2020-14156 HIGH PATCH This Week

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Openbmc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 3% CVSS 10.0
CRITICAL POC Act Now

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openbmc
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Openbmc
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy