CVE-2024-41781

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore.

CVSS v3.0 5.9 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7172698	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:ibm:powervm_hypervisor::::::::
	cpe:2.3:o:ibm:powervm_hypervisor::::::::
	cpe:2.3:o:ibm:powervm_hypervisor::::::::
	cpe:2.3:o:ibm:powervm_hypervisor::::::::

OR	cpe:2.3:h:ibm:power_system_e950:-:::::::*
	cpe:2.3:h:ibm:power_system_e980:-:::::::*
	cpe:2.3:h:ibm:power_system_h922:-:::::::*
	cpe:2.3:h:ibm:power_system_h924:-:::::::*
	cpe:2.3:h:ibm:power_system_l922:-:::::::*
	cpe:2.3:h:ibm:power_system_s914:-:::::::*
	cpe:2.3:h:ibm:power_system_s922:-:::::::*
	cpe:2.3:h:ibm:power_system_s924:-:::::::*

History

15 Aug 2025, 17:33

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-22 12:15

Updated : 2025-08-15 17:33

NVD link : CVE-2024-41781

Mitre link : CVE-2024-41781

JSON object : View

Products Affected

ibm

power_system_h922
power_system_h924
power_system_s922
power_system_l922
power_system_e950
power_system_s914
power_system_e980
powervm_hypervisor
power_system_s924

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.ibm.com/support/pages/node/7172698", "name": "https://www.ibm.com/support/pages/node/7172698", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60,\u00a0FW1050.00 through\u00a0FW1050.20, and FW1060.00 through FW1060.10\u00a0functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}, {"lang": "en", "value": "CWE-497"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-41781", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}}, "publishedDate": "2024-11-22T12:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "fw950.b0", "versionStartIncluding": "fw950.00"}, {"cpe23Uri": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "fw1030.60", "versionStartIncluding": "fw1030.00"}, {"cpe23Uri": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "fw1050.20", "versionStartIncluding": "fw1050.00"}, {"cpe23Uri": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "fw1060.10", "versionStartIncluding": "fw1060.00"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ibm:power_system_e950:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_e980:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_h922:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_h924:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_l922:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_s914:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_s922:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:power_system_s924:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-15T17:33Z"}