What is the severity of CVE-2021-29847?

CVE-2021-29847 is considers a moderate severity vulnerability due to the potential for man-in-the-middle attacks.

How do I fix CVE-2021-29847?

To remediate CVE-2021-29847, upgrade the BMC firmware on affected IBM Power Systems to a version higher than OP825.50.

What are the affected products for CVE-2021-29847?

CVE-2021-29847 affects IBM Power System S821LC with firmware OP825.50 and various versions of IBM Hardware Management Console firmware.

What type of attack does CVE-2021-29847 allow?

CVE-2021-29847 allows authenticated users to open insecure communication channels, potentially enabling man-in-the-middle attacks.

What information can be exposed due to CVE-2021-29847?

CVE-2021-29847 could allow attackers to obtain sensitive information transmitted over the insecure channel.

Vulnerability/
CVE-2021-29847

medium

5.9

15/7/2021

14/12/2021

3/8/2024

CVE-2021-29847

First published: Thu Jul 15 2021(Updated: )

BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Power hardware management console (7063-cr1) firmware	<op825.51
IBM Power Hardware Management Console
IBM Power System cs822lc (8005-22n) firmware	<op825.51
IBM Power System cs822lc (8005-22n)
IBM Power System cs821lc (8005-12n) firmware	<op825.51
IBM Power System cs821lc (8005-12n)
IBM Power System s822lc (8001-22c) firmware	<op825.51
IBM Power System s822lc (8001-22c)
IBM Power System S821LC (8001-12c) firmware	<op825.51
IBM Power System S821LC (8001-12c)
IBM Power 8	<=OP825.50
IBM Hardware Management Console 7063-CR2 Firmware	<=v3.11_v3.23_hmc

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6520420

Frequently Asked Questions

What is the severity of CVE-2021-29847?
CVE-2021-29847 is considers a moderate severity vulnerability due to the potential for man-in-the-middle attacks.
How do I fix CVE-2021-29847?
To remediate CVE-2021-29847, upgrade the BMC firmware on affected IBM Power Systems to a version higher than OP825.50.
What are the affected products for CVE-2021-29847?
CVE-2021-29847 affects IBM Power System S821LC with firmware OP825.50 and various versions of IBM Hardware Management Console firmware.
What type of attack does CVE-2021-29847 allow?
CVE-2021-29847 allows authenticated users to open insecure communication channels, potentially enabling man-in-the-middle attacks.
What information can be exposed due to CVE-2021-29847?
CVE-2021-29847 could allow attackers to obtain sensitive information transmitted over the insecure channel.

agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/event
agent/trending
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm power hardware management console (7063-cr1) firmware
canonical/ibm power hardware management console
canonical/ibm power system cs822lc (8005-22n) firmware
canonical/ibm power system cs822lc (8005-22n)
canonical/ibm power system cs821lc (8005-12n) firmware
canonical/ibm power system cs821lc (8005-12n)
canonical/ibm power system s822lc (8001-22c) firmware
canonical/ibm power system s822lc (8001-22c)
canonical/ibm power system s821lc (8001-12c) firmware
canonical/ibm power system s821lc (8001-12c)
canonical/ibm power 8
version/ibm power 8/op825.50
canonical/ibm hardware management console 7063-cr2 firmware
version/ibm hardware management console 7063-cr2 firmware/v3.11_v3.23_hmc