CVE-2021-20487

EUVD-2021-7905
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
ibmCNA
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/UI:N/I:H/AC:H/PR:H/S:C/A:H/C:H/E:U/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/197730
https://www.ibm.com/support/pages/node/6455911
https://exchange.xforce.ibmcloud.com/vulnerabilities/197730
https://www.ibm.com/support/pages/node/6455911