openbmcs CVE Vulnerabilities & Metrics

Focus on openbmcs vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About openbmcs Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with openbmcs. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total openbmcs CVEs: 5
Earliest CVE date: 09 Dec 2025, 21:15 UTC
Latest CVE date: 09 Dec 2025, 21:15 UTC

Latest CVE reference: CVE-2021-47718

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical openbmcs CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS openbmcs CVEs

These are the five CVEs with the highest CVSS scores for openbmcs, sorted by severity first and recency.

CVE-2021-47718 openbmcs Published on 09 Dec 2025, 21:15 UTC (CVSS: 0)
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
CVE-2021-47704 openbmcs Published on 09 Dec 2025, 21:15 UTC (CVSS: 0)
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.
CVE-2021-47703 openbmcs Published on 09 Dec 2025, 21:15 UTC (CVSS: 0)
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
CVE-2021-47702 openbmcs Published on 09 Dec 2025, 21:15 UTC (CVSS: 0)
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.
CVE-2021-47701 openbmcs Published on 09 Dec 2025, 21:15 UTC (CVSS: 0)
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.

All CVEs for openbmcs

CVE-2021-47718 openbmcs vulnerability CVSS: 0 09 Dec 2025, 21:15 UTC

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.

CVE-2021-47704 openbmcs vulnerability CVSS: 0 09 Dec 2025, 21:15 UTC

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.

CVE-2021-47703 openbmcs vulnerability CVSS: 0 09 Dec 2025, 21:15 UTC

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

CVE-2021-47702 openbmcs vulnerability CVSS: 0 09 Dec 2025, 21:15 UTC

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

CVE-2021-47701 openbmcs vulnerability CVSS: 0 09 Dec 2025, 21:15 UTC

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.