CVE-2021-20487

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:ibm:power9_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power9_system_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:9008-22l:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9009-22a:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9009-41a:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9009-42a:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9040-mr9:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9080-m9s:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9223-22h:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9223-42h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ibm:power9_system_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:9009-22g:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9009-41g:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9009-42g:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9223-22s:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9223-42s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ibm:scale-out_lc_system_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:8335-gth:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:8335-gtx:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:9183-22x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:46

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/197730 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/197730 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/6455911 - Vendor Advisory () https://www.ibm.com/support/pages/node/6455911 - Vendor Advisory

Information

Published : 2021-05-26 17:15

Updated : 2024-11-21 05:46


NVD link : CVE-2021-20487

Mitre link : CVE-2021-20487

CVE.ORG link : CVE-2021-20487


JSON object : View

Products Affected

ibm

  • 9009-41g
  • 9223-22s
  • 9183-22x
  • 9009-22g
  • 9009-42g
  • 8335-gth
  • 9223-42h
  • 9008-22l
  • power9_system_firmware
  • 9040-mr9
  • 8335-gtx
  • 9080-m9s
  • scale-out_lc_system_firmware
  • 9009-41a
  • 9223-22h
  • 9223-42s
  • 9009-22a
  • 9009-42a
CWE
CWE-347

Improper Verification of Cryptographic Signature