CVE-2023-38280 — Improper Privilege Management in IBM Hardware Management Console

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

CNA8.4

EPSS

0.0%

top 92.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Power HMC IBM Hardware Management Console

Timeline

PublishedOct 16

Description

IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/hardware_management_console10.1.1010.0, 10.2.1030.0+1

▶CVEListV5ibm/power_hmc10.1.1010.0, 10.2.1030.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rcq5-59gf-jqxv: IBM HMC (Hardware Management Console) 10↗2023-10-16

▶

CVEList

IBM Power HMC privilege escalation↗2023-10-16

▶