IBM Power System BMC Unauth DoS Vulnerability (CVE-2026-7254) Advisory

IBM Power System Security Bulletin: CVE-2026-7254 Vulnerability Overview CVEID: CVE-2026-7254 Description: The BMC HTTPS service is vulnerable to attacks from unauthorized network users, potentially leading to a denial of service. CVSS Source: IBM CVSS Base Score: 5.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Scope of Impact Affected Products: - OPENBMC - FW1110.00 - FW1110.13 Remediation Fixed Version: Install FW1110.20(1110_130) or a later version to remediate this vulnerability. Affected Systems: 1. IBM Power System S1122 (9824-22A) 2. IBM Power System S1124 (9824-42A) 3. IBM Power System S1122z (9824-22B) 4. IBM Power System S1114 (9824-41B) 5. IBM Power System L1122 (9856-22H) 6. IBM Power System L1124 (9856-42H) 7. IBM Power System E1150 (9043-MR0) Mitigation Measures Protect network interface access to the BMC. References Full CVSS v3 Guide Online Calculator v3 Related Resources IBM Security Engineering Web Portal IBM Product Security Incident Response Blog Disclaimer The Common Vulnerability Scoring System (CVSS) is an "industry open standard" established by the Forum of Incident Response and Security Teams (FIRST) to communicate vulnerability severity and assist in determining the urgency and priority of response. IBM provides CVSS scores "as is" without any express or implied warranties, including warranties of merchantability or fitness for a particular purpose. Customers are responsible for assessing the impact of any actual or potential security vulnerabilities. IBM periodically updates the records of components in its product portfolio to identify previously unrecognized packages. As part of this effort, IBM identifies relevant vulnerabilities in the product/service list regardless of the CVE date. The inclusion of an older CVEID does not indicate that the referenced product has been used by IBM since that date, nor does it indicate that IBM was aware of the vulnerability prior to that date. We are striving to make customers aware of relevant vulnerabilities as we become aware of them. The "Affected Products and Versions" section of this IBM Security Bulletin is intended to list only supported and non-end-of-service IBM products and versions. Therefore, the absence of a supported or extended service product or version from an IBM Security Bulletin does not constitute a determination by IBM that the product is unaffected by the vulnerability. The citation of one or more unsupported versions in this security bulletin does not impose any remediation obligation on IBM for unsupported or extended service products or versions.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Power System BMC Unauth DoS Vulnerability (CVE-2026-7254) Advisory

More from this source