CVE-2019-4169 HIGH

CVE-2019-4169

Vendor Ibm
Product P9 OpenPOWER
Published August 26, 2019
Last update September 16, 2024

CVSS base score

8.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/S:U/UI:N/C:H/AV:A/I:H/AC:L/A:N/PR:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

Key dates

02Disclosure timeline

August 26, 2019 CVE published
September 16, 2024 Record updated