CVE-2021-20487 HIGH

CVE-2021-20487

Vendor Ibm
Product Power 9 Systems
Published May 26, 2021
Last update September 16, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/UI:N/I:H/AC:H/PR:H/S:C/A:H/C:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.

Key dates

02Disclosure timeline

May 26, 2021 CVE published
September 16, 2024 Record updated