All the vulnerabilites related to lenovo - flex_system_x240_m5
Vulnerability from fkie_nvd
Published
2017-06-20 00:29
Modified
2024-11-21 03:26
Severity ?
Summary
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/product_security/LEN-14054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/product_security/LEN-14054 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA6D55A-5391-4B6F-A399-A0449A1EBD8B",
"versionEndIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA2F515-2E29-4478-AE61-9C513CC6901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC339542-79DA-45AB-B488-C99D1FEB8359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "987FB06B-F349-48D5-B46C-CF23BD6B6811",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740F81FC-AD9F-4AA0-9A32-7363363B7AEC",
"versionEndIncluding": "6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
},
{
"lang": "es",
"value": "En el firmware IMM2 de los servidores Lenovo System x, los comandos remotos enviados por LXCA u otras utilidades pueden ser capturados en el registro del servicio First Failure Data Capture (FFDC) si el registro del servicio se genera cuando ese comando remoto est\u00e1 en ejecuci\u00f3n. Los datos de comando capturados podr\u00edan contener informaci\u00f3n de inicio de sesi\u00f3n en texto claro. Los usuarios autorizados que pueden capturar y exportar datos de registro del servicio FFDC podr\u00edan tener acceso a estos comandos remotos."
}
],
"id": "CVE-2017-3744",
"lastModified": "2024-11-21T03:26:03.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-20T00:29:00.330",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-04 17:29
Modified
2024-11-21 03:26
Severity ?
Summary
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-20241 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-20241 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21457BA1-04A2-44F5-A33A-85FF81F09C44",
"versionEndExcluding": "2.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83D664BC-39A8-4A7E-95E1-ACF88A5D71D7",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5763A810-2C14-49F4-895E-D511B4C3FDB3",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x880_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61334EC1-3C26-4056-BBC5-E6D0066BDC31",
"versionEndExcluding": "4.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E315447-AD2F-4861-A5BA-21DEA5ED1DA8",
"versionEndExcluding": "2.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3250_m6_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B60CE27-0BF7-4672-857C-2340913EF887",
"versionEndExcluding": "2.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3500_m5_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA1D294-138D-44B4-A86B-58D4B9A70539",
"versionEndExcluding": "2.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3550_m5_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CB9785-3660-4578-A4E2-0DE50C7E57EA",
"versionEndExcluding": "2.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3650_m5_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D08A24F-EAF0-4A74-9DDC-7564C09172D5",
"versionEndExcluding": "2.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3850_x6_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B0B1A-F876-4280-B8CA-C829CCA51291",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3950_x6_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85425D7F-3087-477C-82B6-B829CDD6EA33",
"versionEndExcluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
},
{
"lang": "es",
"value": "Algunas versiones BIOS/UEFI del servidor x de Lenovo, cuando Secure Boot est\u00e1 habilitado por un administrador del sistema, no autentican correctamente el c\u00f3digo firmado antes de cargarlo. Como resultado, un atacante con acceso f\u00edsico al sistema podr\u00eda cargar c\u00f3digo no firmado."
}
],
"id": "CVE-2017-3775",
"lastModified": "2024-11-21T03:26:06.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-04T17:29:00.223",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-26 19:29
Modified
2024-11-21 04:14
Severity ?
Summary
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-20227 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-20227 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AA4469-91DE-4F7B-A2CF-568C05F5E4AE",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127A4CC7-08CE-46DF-8C98-7BE845DF2493",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01F45A40-2C91-4362-866F-C751E4E8507E",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE68A72-826C-4DB6-8ADF-04303B6D9F68",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F9B301-C6C4-4AE2-AEF7-035AD4A3D3A8",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "003631A2-F0BD-4F2D-853B-92AA80535811",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17771FAE-38EA-41A5-9C93-286642E08692",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3250_m6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3D890D-79FE-43CA-881B-8B9FAB745B47",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3500_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2393A517-E1FA-42AD-A40A-E1C00E135962",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3550_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41F41191-D8A4-45A9-90B4-46A974DBEFB7",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3650_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F75B122F-C126-4726-9599-96F8ACDAEAAE",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF06210-2034-422B-884F-FAFFF9F5E7F5",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBFA57E-F2A7-4960-B388-A21F1C277A2B",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "644708FB-7C30-4DB2-862A-E7AD8B9AC0A8",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs22_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49BE897-592D-491E-AB25-C641BE74A0C6",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF33F7C1-7390-47CF-B1C4-30636F2FFC96",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "485A886E-EE8B-47F7-AC39-A311544739C4",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96B8AE78-70F8-4961-B173-3BBE73EB80DD",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDC859F-23B8-4EE6-B331-107B22E18417",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8001DD7C-3FA3-4FF1-88B2-FB2CDC97D6ED",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78BEDB5B-E5DE-42ED-84CD-B822EDBBD92D",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACDA1F4-DC48-44D2-832F-F8864049F46F",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C44899F-0F88-4881-BC82-69532673D85A",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65601BD9-1BAF-4E61-B7D4-ADCB8A61E073",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5491D7-AE3A-4060-AB2E-6CEDE3A466F1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A529319C-0EF1-4D12-B032-74B985FF16C0",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D2A225-5C7D-4277-9DBB-1E186000E6D1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C76751-393A-46DE-A8EC-8129BA9582F6",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09D1B7F0-9908-47C3-8DB4-EC9657D0CCB0",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D374BCB-AAD4-4E87-A0ED-6FAEC3A671EB",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A6F7B6-F230-450C-B2A1-0C9AABB7C834",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74886C09-D9AC-4F5B-B5D5-CCCD477E43B8",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF3E405-B028-4EB7-AE49-797A55B201E0",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "671D194C-063A-4558-BC22-6BA0CFF5D0F1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687DAA9F-F10F-41AF-969D-7C4C773BD392",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "773D2239-ED51-4927-BE55-D25A95BD42D1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D1D239-A124-4C7B-BDDC-E1F1130E07D7",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D95BBF-BC36-4F7A-83A1-C1C3A151AF6E",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCA4009-4DA3-4DE5-B7E3-DAA17837D304",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F08B2B-A9E9-4FAA-9C51-2E3F84B24A59",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6141A253-B5CD-4A3C-9393-3CC2E0A41006",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81C11DAA-A933-444F-AFC0-9AD8ABB2D79F",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI."
},
{
"lang": "es",
"value": "La funci\u00f3n IMM2 First Failure Data Capture recopila informaci\u00f3n de diagn\u00f3stico y registros de los m\u00f3dulos de gesti\u00f3n cuando se detecta un error de hardware. Esta informaci\u00f3n est\u00e1 disponible para su descarga mediante un servidor SFTP alojado en la interfaz de gesti\u00f3n de red de IMM2. En versiones anteriores a la 4.90 para Lenovo System y anteriores a la 6.80 para IBM System x, las credenciales para acceder al servidor SFTP est\u00e1n embebidas y se describen en la documentaci\u00f3n de IMM2. Esto permite que un atacante con acceso de gesti\u00f3n a la red obtenga los datos FFDC recopilados. Tras aplicar la actualizaci\u00f3n, IMM2 crear\u00e1 credenciales SFTP aleatorias para emplearlas con OneCLI."
}
],
"id": "CVE-2018-9068",
"lastModified": "2024-11-21T04:14:54.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-26T19:29:00.487",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-22 16:29
Modified
2024-11-21 04:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-25667 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-25667 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53CEEB99-4678-4E88-998D-568125E34452",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96EDEC86-B1ED-429E-B81F-60D1E2B04343",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAF102E-E6FE-42BF-A6FF-FE4B2CD0FECA",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0B3FD1-BEC8-44E3-83A6-7CA7DA0F4384",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC00496-EA80-4E04-BEDE-DB5BCD20238C",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF13D6E-F338-47B4-A92D-7D9CA4615C71",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B342CC-D7FD-4173-8244-B9DB6FBF9202",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3250_m6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF43263-734C-4CE7-B5F5-6D9BEE40B175",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3500_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E518BC-C06D-4554-9AE3-358FBBFABB4E",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3550_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD7FD7F-4A99-4618-B336-D9753A92035A",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3650_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF5439A-4576-4A26-BE88-D8184B186846",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1F9C5E-92D3-4DA6-9FD1-7F7857769C34",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7ACFF6-3E64-45A7-B1EB-DD26711064ED",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86256CCB-9074-47CF-8673-36EE78BD0BCA",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs22_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FF63AE-6D07-4706-B647-CB041284FE51",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBC3C39-1088-4120-9476-263F952DEDE7",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC7357C-32AB-41CE-BE3C-6B1E38223F4A",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A304B98A-7301-491B-884A-7EAF1E58D74D",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5974137F-8076-4895-82CB-F49A0383DB16",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEFEF7E-2412-4F85-B588-E350B57C9261",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4DC1FB-C916-409E-ABB5-12CA496F2525",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B526782-CD71-4ADF-9307-2FCDEF40BF21",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D898109-92E6-4D53-892E-0CF2F4B25B05",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C2B387-A83B-43F9-853A-9BBD9B599DF6",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF4E346-2956-46EE-AF0E-562F408B5455",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F79F602B-E90D-4E3A-B19C-78CCF1E25431",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5E15F9-AB92-44F6-B6C7-903C1EE019AC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E106FB-A40B-431A-88BD-BDC344D97237",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335A2396-B190-472B-8D14-028E24715B99",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB640902-1AA1-4C2D-9E71-6DEB0C5C7F41",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C26DCBC-6771-4128-85F2-E9C784A9E477",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87C9465-CEC9-424C-B55D-B295BB92CEA4",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8C3782-EC28-46FE-99C2-1CEFF06CD6FC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97AB758-0B2E-404D-B86C-2091FA4F0020",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA158A3-4E4A-4184-A90C-78ED3B4191EC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5AA86-D0EF-495E-AA54-6EF74057449A",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60278935-F342-4010-92AE-6630BADB9F86",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291AD362-BB37-4B4E-9E57-99893327AB24",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0768D4A-6D7F-4DB6-AF22-F655FFC57ABC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B414E1DD-1CE9-425D-BA12-C089A3B52EED",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "321CD3DF-BC7F-41D5-9EFA-F7F65D440484",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D51F07-0074-410F-9E08-8EC442DB694D",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)\u0027s first failure data capture (FFDC) includes the web server\u0027s private key in the generated log file for support."
},
{
"lang": "es",
"value": "En varias versiones de firmware de Lenovo System x, First Failure Data Capture (FFDC) del m\u00f3dulo de administraci\u00f3n integrada II (IMM2) incluye la clave privada del servidor web dentro del archivo de registro generado para soporte."
}
],
"id": "CVE-2019-6157",
"lastModified": "2024-11-21T04:46:02.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T16:29:02.037",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-15 15:15
Modified
2024-11-21 05:38
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271BEC0B-274D-4D0A-A2BD-EFC5C0499DB1",
"versionEndExcluding": "5.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51CC6CD5-FCAC-4D2C-B317-59F7D104F1BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBA2148-9A2A-4216-8A68-1289386DA71D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "787E3EF4-0ACB-4E3E-8932-471E94F4E288",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B314A309-C2E4-4D2C-AC1C-F3F068A9C588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7195ED2-0D10-4FBA-BADD-6859587F1249",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA18952C-2981-4CE7-8611-94DD251EC1E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1987191-FC33-4C76-991D-A25258550041",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C32626B5-9921-4A4B-B998-DBC416C13377",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79063A0-4342-4FE3-8C30-B8304D5F8D43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5B7974-7069-4C39-8851-8E053D9B3920",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86714374-B1B1-49E0-A156-C95DC06701EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62C2E31E-C4C4-41C4-87A2-AC6BC5AABA7F",
"versionEndExcluding": "5.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user\u0027s web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user\u2019s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site scripting (XSS) en la interfaz web legacy de IBM y Lenovo System x IMM2 (M\u00f3dulo Integrated Management 2) versiones anteriores a 5.60, una interfaz web Baseboard Management Controller (BMC) integrada durante una revisi\u00f3n de seguridad interna.\u0026#xa0;Esta vulnerabilidad podr\u00eda permitir al c\u00f3digo JavaScript ser ejecutado en el navegador web del usuario, si el usuario est\u00e1 convencido de visitar una URL dise\u00f1ada, posiblemente por medio de phishing.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito requiere que sean incluidos conocimientos espec\u00edficos sobre la red del usuario en la URL dise\u00f1ada.\u0026#xa0;El impacto es limitado a las restricciones y permisos de acceso normales del usuario que hace clic en la URL dise\u00f1ada, y est\u00e1 sujeto a que el usuario pueda conectarse y ya est\u00e9 autenticado en IMM2 u otros sistemas.\u0026#xa0;El c\u00f3digo JavaScript no es ejecutado en el propio IMM2"
}
],
"id": "CVE-2020-8340",
"lastModified": "2024-11-21T05:38:44.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-15T15:15:14.230",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-19 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0304A99D-9E06-43AA-9D67-195BCA4D10E7",
"versionEndExcluding": "4.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E813F6-4EB2-4E3D-AD4D-7D8EB1BFB71D",
"versionEndExcluding": "6.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de desbordamiento de pila en el servicio de administraci\u00f3n web en Integrated Management Module 2 (IMM2), en versiones anteriores a la 4.70 empleadas en algunos servidores de Lenovo y en versiones anteriores a la 6.60 empleadas en algunos servidores de IBM. Un atacante que proporcione una combinaci\u00f3n de ID y contrase\u00f1a manipulados puede hacer que una porci\u00f3n de la rutina de autenticaci\u00f3n desborde su pila, lo que provoca una corrupci\u00f3n de la pila."
}
],
"id": "CVE-2017-3774",
"lastModified": "2024-11-21T03:26:06.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-19T14:29:00.357",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-3775
Vulnerability from cvelistv5
Published
2018-05-04 16:00
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-20241 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo Group Ltd. | Some Lenovo Flex System and Lenovo System x products |
Version: Affected BIOS version varies by product |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:39.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Some Lenovo Flex System and Lenovo System x products",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Affected BIOS version varies by product"
}
]
}
],
"datePublic": "2018-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Booting unauthenticated code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-04T15:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-05-03T00:00:00",
"ID": "CVE-2017-3775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Some Lenovo Flex System and Lenovo System x products",
"version": {
"version_data": [
{
"version_value": "Affected BIOS version varies by product"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Booting unauthenticated code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-20241",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3775",
"datePublished": "2018-05-04T16:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T23:56:19.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6157
Vulnerability from cvelistv5
Published
2019-04-22 15:21
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-25667 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2019-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)\u0027s first failure data capture (FFDC) includes the web server\u0027s private key in the generated log file for support."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T15:21:29",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
],
"source": {
"advisory": "LEN-25667",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)\u0027s first failure data capture (FFDC) includes the web server\u0027s private key in the generated log file for support."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-25667",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
]
},
"source": {
"advisory": "LEN-25667",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6157",
"datePublished": "2019-04-22T15:21:29.692559Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-17T00:06:19.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3774
Vulnerability from cvelistv5
Published
2018-04-19 14:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-19586 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group Ltd. | IMM2 |
Version: Earlier than 4.40 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than 4.40"
}
]
},
{
"product": "IMM2",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "Earlier than 6.60"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack overflow leading to memory corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-04-12T00:00:00",
"ID": "CVE-2017-3774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IMM2",
"version": {
"version_data": [
{
"version_value": "Earlier than 4.40"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
},
{
"product": {
"product_data": [
{
"product_name": "IMM2",
"version": {
"version_data": [
{
"version_value": "Earlier than 6.60"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack overflow leading to memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-19586",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3774",
"datePublished": "2018-04-19T14:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:19.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9068
Vulnerability from cvelistv5
Published
2018-07-26 19:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-20227 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group Ltd. | System x IMM2 |
Version: firmware versions earlier than 4.90 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions earlier than 4.90"
}
]
},
{
"product": "System x IMM2",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions earlier than 6.80"
}
]
}
],
"datePublic": "2018-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T18:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-9068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x IMM2",
"version": {
"version_data": [
{
"version_value": "firmware versions earlier than 4.90"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
},
{
"product": {
"product_data": [
{
"product_name": "System x IMM2",
"version": {
"version_data": [
{
"version_value": "firmware versions earlier than 6.80"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-20227",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9068",
"datePublished": "2018-07-26T19:00:00Z",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-09-17T03:38:52.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3744
Vulnerability from cvelistv5
Published
2017-06-20 00:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/product_security/LEN-14054 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo Group Ltd. | Lenovo System x IMM2 |
Version: Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo System x IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"
}
]
}
],
"datePublic": "2017-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Disclosure of login credentials to user with local privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-19T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2017-3744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo System x IMM2",
"version": {
"version_data": [
{
"version_value": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disclosure of login credentials to user with local privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/product_security/LEN-14054",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3744",
"datePublished": "2017-06-20T00:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8340
Vulnerability from cvelistv5
Published
2020-09-15 14:20
Modified
2024-09-17 01:25
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-44717 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x IMM2 firmware for: x240, Machine Types: 7162, 2588; x440, Machine Type 7167, 2590 ; x3750 M4, Machine Type: 8753 ; x3250 M6, Machine type 3633, 3943 ; nx360 M5, Machine type 5465, 5467 ; x280/x480/x880 X6 , Machine Type 7196, 4258 ; x3850 X6 and x3950 X6, Machine type 6241 ; x3550 M5, Machine Type 5463, 8869 ; x3650 M5, Machine Type 5462, 8871; x3500 M5, Machine Type 5464, 5478",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.60",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "System x IMM2 firmware for x240 M5, Machine Types: 9532, 2591",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "System x IMM2 firmware",
"vendor": "IBM",
"versions": [
{
"lessThan": "5.60",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user\u0027s web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user\u2019s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T14:20:17",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to IMM2 firmware version 5.60 (or newer) for the following System x products.\n- x240, Machine Types: 7162, 2588\n- x440, Machine Type 7167, 2590\n- x3750 M4, Machine Type: 8753\n- x3250 M6, Machine type 3633, 3943\n- nx360 M5, Machine type 5465, 5467\n- x280/x480/x880 X6 , Machine Type 7196, 4258\n- x3850 X6 and x3950 X6, Machine type 6241 \n- x3550 M5, Machine Type 5463, 8869\n- x3650 M5, Machine Type 5462, 8871 \n- x3500 M5, Machine Type 5464, 5478 \n\nUpgrade to IMM2 firmware version 5.61 (or newer) for the following System x products. - x240 M5, Machine Types: 9532, 2591"
}
],
"source": {
"advisory": "LEN-44717",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-09-15T16:00:00.000Z",
"ID": "CVE-2020-8340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x IMM2 firmware for: x240, Machine Types: 7162, 2588; x440, Machine Type 7167, 2590 ; x3750 M4, Machine Type: 8753 ; x3250 M6, Machine type 3633, 3943 ; nx360 M5, Machine type 5465, 5467 ; x280/x480/x880 X6 , Machine Type 7196, 4258 ; x3850 X6 and x3950 X6, Machine type 6241 ; x3550 M5, Machine Type 5463, 8869 ; x3650 M5, Machine Type 5462, 8871; x3500 M5, Machine Type 5464, 5478",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.60"
}
]
}
},
{
"product_name": "System x IMM2 firmware for x240 M5, Machine Types: 9532, 2591",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.61"
}
]
}
}
]
},
"vendor_name": "Lenovo"
},
{
"product": {
"product_data": [
{
"product_name": "System x IMM2 firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.60"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user\u0027s web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user\u2019s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-44717",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to IMM2 firmware version 5.60 (or newer) for the following System x products.\n- x240, Machine Types: 7162, 2588\n- x440, Machine Type 7167, 2590\n- x3750 M4, Machine Type: 8753\n- x3250 M6, Machine type 3633, 3943\n- nx360 M5, Machine type 5465, 5467\n- x280/x480/x880 X6 , Machine Type 7196, 4258\n- x3850 X6 and x3950 X6, Machine type 6241 \n- x3550 M5, Machine Type 5463, 8869\n- x3650 M5, Machine Type 5462, 8871 \n- x3500 M5, Machine Type 5464, 5478 \n\nUpgrade to IMM2 firmware version 5.61 (or newer) for the following System x products. - x240 M5, Machine Types: 9532, 2591"
}
],
"source": {
"advisory": "LEN-44717",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8340",
"datePublished": "2020-09-15T14:20:17.653698Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T01:25:37.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}