All the vulnerabilites related to ibm - system_x3530_m4
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "El protocolo RAKP soportado en la implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, and System x3###, env\u00eda una contrase\u00f1a hash al cliente, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-4037",
"lastModified": "2024-11-21T01:54:45.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.863",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3### tiene una contrase\u00f1a predeterminada para una cuenta de usuario IPMI, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos realizar el encendido, apagado, reinicio, o a\u00f1adir o modificar las cuentas, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4031",
"lastModified": "2024-11-21T01:54:45.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.840",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-26 19:29
Modified
2024-11-21 03:26
Severity ?
Summary
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:flex_system_x240_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8ED668-C53C-47A2-A84F-CADC8DB4F3BD",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8C35790-5983-4275-9E27-D369398682B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E6DAE3-7580-47F1-9AFB-181BA9D217D5",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCE0FCA-11A5-4AC5-8124-A521723F4EB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A99076DC-8C22-4A11-84E4-91761E4F672D",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D1BEA1-F4A1-4EF3-A471-35A3D0CDF6E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A56F99-CA97-4A47-9EA8-967D7F13BC9A",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A129C381-6732-4498-979E-9E8E70C1D9EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:flex_system_x880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E9DD33-3559-4590-9D86-998EF3526F34",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6801CA58-67D9-4E3D-882A-A8327B1194CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:nextscale_nx360_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBD85DC-9E99-45B2-8D9D-DBCE50A02A81",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9058D6-2BA3-4F58-A55F-9E23F6F175BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3250_m6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AABC1F2-D93F-42DF-98D2-D3B6A956E834",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6EFF65-BC96-4D1C-BA54-DAA0DFBCFE4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3500_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3C0596-EA61-4F48-A820-798CA0EDEE1D",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B7FF85-F374-48E3-9312-1AB4F4B37E8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3550_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "572732D1-CC28-4F79-8EA0-A536549C8D48",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8235F1EA-EC94-4BB3-B8CB-B6D251A3EFAD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3650_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D87909-6C74-46BC-9CB8-5965FCC51BB9",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC6A511-BEF5-4100-A517-3EF5FC67F5F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D6FFB4-0894-4BD8-8F8F-9E4EE2E69DEA",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7091088-0E95-484D-8185-61BA8E2FE0E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E94D0BE3-DAC8-49E2-8D2C-CC521DD88E3A",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3F5C19-BA44-41FD-811E-F9B2CB95E012",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC24C86-0B33-4927-A320-CCF16EB2F89D",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB9721F-324B-4C61-8A26-8BBA4E348AEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenova:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9661B216-A753-4607-A922-D7150CD9B569",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenova:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F54F2D5-A9FA-4270-8B3F-F7EFA5B074CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs22_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "755A6821-94AC-4FB5-8431-2A311EB5122B",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D83555-3984-4403-8148-01BA2E778FC7",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "319A03D6-4081-4457-A2AA-E36000A8D02B",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD0803B-B459-496D-A538-76BA7E93AF2F",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C1ED1F-2920-4514-8BE7-571A5C0DC0C5",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0221C6DB-5ACF-4EC4-BA98-192322706C4F",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2C015F-81E9-4F65-A71F-0F78F36FCC84",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B522C0-3721-4D1F-B623-57ABA4C39FF8",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "249E0CF6-0D1F-4684-B4B7-68EEDC299627",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAB2B36-1ACB-403E-BFC2-54E042A36C85",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "942B1B2C-031A-48AF-967C-E8947B1E8861",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C180AD0-7956-46E6-95E8-F2B86F98A779",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42C3D741-1A79-4859-BA0C-463651D9ED99",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAB16EB-64D8-40DB-959C-1DE870D6E696",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0FB314-D7CC-4C1A-8767-505D697C05DB",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F78CFCD7-22E9-4B73-A3DC-91354D6EA905",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25DCFC11-3642-4B09-A806-F780E6A40554",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C13045D-DB2C-4767-951A-B5650FFEF5DC",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C93F6F32-8A99-4835-B466-5EB031533A11",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "907258CB-A7EF-4B8B-A4A6-0A9FB7103C2E",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "952E9BBC-0297-4C9C-972A-08205E5C20E4",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88F20E9-A0A3-466C-A43F-00D825A718EB",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDF4C26-0A2F-4A52-8E49-8F68461116DD",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1901D6F-8051-4B0F-865B-B17BCDC68BC2",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54091626-95DE-43E6-B599-F1E935F8E5A6",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7AC260-B3A5-405E-8999-539F90C5E700",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DA7B09-181D-499B-8B44-A8E903E155D1",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB24652-3972-4CD0-9C02-F8C1AE79447E",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
},
{
"lang": "es",
"value": "Un atacante sin privilegios con conectividad al IMM2 podr\u00eda provocar un ataque de denegaci\u00f3n de servicio (DoS) en el IMM2 (versiones anteriores a la 4.4 para Lenovo System x y anteriores a la 6.4 para IBM System x). Inundar el IMM2 con un gran volumen de fallos de autenticaci\u00f3n mediante el Common Information Model (CIM) empleado por LXCA, OneCLI y otras herramientas puede agotar la memoria del sistema disponible. Esto puede provocar que el IMM2 se reinicie hasta que cesen las peticiones."
}
],
"id": "CVE-2017-3768",
"lastModified": "2024-11-21T03:26:06.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-26T19:29:00.383",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-16 14:29
Modified
2024-11-21 04:14
Severity ?
Summary
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24477 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24477 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4615A750-2A3B-47B4-89EE-A3232E19CAF2",
"versionEndExcluding": "a3e122b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEEBA90-3902-48F4-AFF2-708C0F1732B6",
"versionEndExcluding": "cge122b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B6C713-88F0-46FA-9BA0-A8990742BF56",
"versionEndExcluding": "a5e124b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC299FF-82AF-4B45-8646-8EEA9A9A7EB6",
"versionEndExcluding": "tke160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:-:*:*:*:*:*:*",
"matchCriteriaId": "F6EB37C6-274D-420A-A870-508105E94A09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B02CA18F-9C74-4F42-8306-D41CAC6AF823",
"versionEndExcluding": "ahe160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:-:*:*:*:*:*:*",
"matchCriteriaId": "A6035D4E-3B1E-4882-AD00-622A5A14E428",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4A9615-D41C-4D0E-B2F0-2F7193F4FB95",
"versionEndExcluding": "kse158c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD06E939-3D9E-4254-B570-0C9D79E1A6EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386977A4-311D-48AE-BD40-17F1349F4912",
"versionEndExcluding": "cce160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D66C4AB-D69B-4D90-9F47-C590048582EE",
"versionEndExcluding": "ahe160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "348B1A1E-5617-4EA1-B562-5605EE463AFC",
"versionEndExcluding": "n3e132w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F33B121-C777-4D32-B601-B32E3D240761",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3C5FED-59D7-4EB9-BE2F-C0CB0266348D",
"versionEndExcluding": "cne162d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1AFF5F6-2183-448D-A43E-9F13E6219E8D",
"versionEndExcluding": "n3e132w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2B5F19-EE82-4DA4-9ACD-505943C4EC8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7656DBE9-CC1A-441D-95CA-2DC524ECEDE0",
"versionEndExcluding": "n2e130e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BED0E10-71B6-4323-96F5-B98D4FE7C7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "088D5D83-67AB-43C4-BFC8-F80F86B24DAA",
"versionEndExcluding": "fhe120d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07F99BB6-2E71-44B0-8910-EE4945EAE096",
"versionEndExcluding": "fhe120d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "075B4B38-E5F0-4B21-9F42-8571C2DE2710",
"versionEndExcluding": "jqe184c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A654AB-188E-47B2-8C6D-6EA5C824B75B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC44F64-B03F-4BF6-9D18-F800C95F486B",
"versionEndExcluding": "j9e134c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDF041-DA1B-4657-B86C-6509F3DA4415",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9A0EF2-F0DF-46EB-BBE1-5CE2A9F346F2",
"versionEndExcluding": "jqe184c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A1D29C-9491-4577-AB46-42924DB2B280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9278E60-F61A-4BD6-974D-428F9328A97C",
"versionEndExcluding": "jue134c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD67192C-7833-40CB-9CCD-7ADBDC07BE47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B251FABB-7A74-4A00-9A6A-E1D5010F789F",
"versionEndExcluding": "yae156c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB437E6F-4A5B-4335-B6C3-0C061D630DF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AEA8A-4BC9-46FC-A939-A72A4C2FBE47",
"versionEndExcluding": "y5e158c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "654187EE-51E9-4AC8-8563-9DD24BB97C5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EADB7945-EE70-42C6-91B6-F593CC246F4A",
"versionEndExcluding": "bee164c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "122C6446-D5A2-446F-89B7-FD6742A36CEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B343AFD4-F139-41CF-9BA1-8CC81AC5F94D",
"versionEndExcluding": "d7e166d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7F4041-3E49-4C34-BCF1-E924690E7947",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B811AAAD-7526-45DB-9506-2DF80EADD2BD",
"versionEndExcluding": "vve162c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59A6CC3F-EC19-408C-996E-AF260289F81B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73592E6B-511F-47DA-BE96-E485AB8B0C84",
"versionEndExcluding": "vve160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50E12D4-7631-4FF3-9390-BE1893468310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED733CEF-494D-4770-8A9B-5AFDA89FC689",
"versionEndExcluding": "vve160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D37B42B3-A246-4C15-BC87-E821246EAF1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D526F5A8-6411-445E-9EAA-29AD7AD98834",
"versionEndExcluding": "vve160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66850147-3473-4092-A79B-B42BFEC652FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA3F56B-6163-4FEC-8BFC-8DC45928F175",
"versionEndExcluding": "koe160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2C1FAF-46C5-4FB0-AA16-FB731CF77944",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D289168-1A35-48DA-8CA2-38DA52046CB3",
"versionEndExcluding": "a8e128c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74A84455-9F94-4934-93ED-623BC81A1406",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E50A5B5-5EAF-41C2-8FFF-430F8D13AC22",
"versionEndExcluding": "bee164c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27C8F43-4900-4A12-9A99-D833DDD51B6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
},
{
"lang": "es",
"value": "Se ha dejado sin establecer un bit de bloqueo de protecci\u00f3n de escritura tras el arranque en una generaci\u00f3n m\u00e1s antigua de los servidores x de Lenovo y IBM System, lo que podr\u00eda permitir que un atacante con acceso de administrador modifique el subconjunto de memoria flash que contiene Intel SPS (Server Platform Services) y los descriptores flash del sistema."
}
],
"id": "CVE-2018-9085",
"lastModified": "2024-11-21T04:14:56.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-16T14:29:00.427",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-19 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0304A99D-9E06-43AA-9D67-195BCA4D10E7",
"versionEndExcluding": "4.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E813F6-4EB2-4E3D-AD4D-7D8EB1BFB71D",
"versionEndExcluding": "6.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de desbordamiento de pila en el servicio de administraci\u00f3n web en Integrated Management Module 2 (IMM2), en versiones anteriores a la 4.70 empleadas en algunos servidores de Lenovo y en versiones anteriores a la 6.60 empleadas en algunos servidores de IBM. Un atacante que proporcione una combinaci\u00f3n de ID y contrase\u00f1a manipulados puede hacer que una porci\u00f3n de la rutina de autenticaci\u00f3n desborde su pila, lo que provoca una corrupci\u00f3n de la pila."
}
],
"id": "CVE-2017-3774",
"lastModified": "2024-11-21T03:26:06.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-19T14:29:00.357",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-21 01:55
Modified
2024-11-21 01:54
Severity ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "365DA842-58EB-422E-9DE2-EDCA63BE0600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACD330F-69B2-4C9C-AF1E-14DDC84B6C68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_7955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A537D2-61E1-44D1-BDCC-250E4FD42CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A37D3256-F4C1-46B6-9168-C572321DDF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8734:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C453D5-F8D3-4945-9880-61743E1949C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA69662-2ED2-4CA7-BE7B-DEA1380A9EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A6BD72-DC1E-4760-AFEE-9D1C8EE1C97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
},
{
"lang": "es",
"value": "Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos romper la proteccion criptografica de los mecanismos de de cifrado a trav\u00e9s de (1) un ataque de fuerza bruta contra SSL o (2) El tr\u00e1fico TLS."
}
],
"id": "CVE-2013-4030",
"lastModified": "2024-11-21T01:54:44.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-21T01:55:03.480",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-20 00:29
Modified
2024-11-21 03:26
Severity ?
Summary
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/product_security/LEN-14054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/product_security/LEN-14054 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA6D55A-5391-4B6F-A399-A0449A1EBD8B",
"versionEndIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA2F515-2E29-4478-AE61-9C513CC6901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC339542-79DA-45AB-B488-C99D1FEB8359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "987FB06B-F349-48D5-B46C-CF23BD6B6811",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740F81FC-AD9F-4AA0-9A32-7363363B7AEC",
"versionEndIncluding": "6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
},
{
"lang": "es",
"value": "En el firmware IMM2 de los servidores Lenovo System x, los comandos remotos enviados por LXCA u otras utilidades pueden ser capturados en el registro del servicio First Failure Data Capture (FFDC) si el registro del servicio se genera cuando ese comando remoto est\u00e1 en ejecuci\u00f3n. Los datos de comando capturados podr\u00edan contener informaci\u00f3n de inicio de sesi\u00f3n en texto claro. Los usuarios autorizados que pueden capturar y exportar datos de registro del servicio FFDC podr\u00edan tener acceso a estos comandos remotos."
}
],
"id": "CVE-2017-3744",
"lastModified": "2024-11-21T03:26:03.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-20T00:29:00.330",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3###, utiliza texto claro para el almacenamiento de contrase\u00f1as, lo que permite a atacantes, seg\u00fan el contexto, obtener informaci\u00f3n confidencial mediante la lectura de un archivo."
}
],
"id": "CVE-2013-4038",
"lastModified": "2024-11-21T01:54:45.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.890",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-22 16:29
Modified
2024-11-21 04:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-25667 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-25667 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53CEEB99-4678-4E88-998D-568125E34452",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96EDEC86-B1ED-429E-B81F-60D1E2B04343",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAF102E-E6FE-42BF-A6FF-FE4B2CD0FECA",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0B3FD1-BEC8-44E3-83A6-7CA7DA0F4384",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC00496-EA80-4E04-BEDE-DB5BCD20238C",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF13D6E-F338-47B4-A92D-7D9CA4615C71",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B342CC-D7FD-4173-8244-B9DB6FBF9202",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3250_m6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF43263-734C-4CE7-B5F5-6D9BEE40B175",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3500_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E518BC-C06D-4554-9AE3-358FBBFABB4E",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3550_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD7FD7F-4A99-4618-B336-D9753A92035A",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3650_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF5439A-4576-4A26-BE88-D8184B186846",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1F9C5E-92D3-4DA6-9FD1-7F7857769C34",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7ACFF6-3E64-45A7-B1EB-DD26711064ED",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86256CCB-9074-47CF-8673-36EE78BD0BCA",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs22_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FF63AE-6D07-4706-B647-CB041284FE51",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBC3C39-1088-4120-9476-263F952DEDE7",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC7357C-32AB-41CE-BE3C-6B1E38223F4A",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A304B98A-7301-491B-884A-7EAF1E58D74D",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5974137F-8076-4895-82CB-F49A0383DB16",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEFEF7E-2412-4F85-B588-E350B57C9261",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4DC1FB-C916-409E-ABB5-12CA496F2525",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B526782-CD71-4ADF-9307-2FCDEF40BF21",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D898109-92E6-4D53-892E-0CF2F4B25B05",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C2B387-A83B-43F9-853A-9BBD9B599DF6",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF4E346-2956-46EE-AF0E-562F408B5455",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F79F602B-E90D-4E3A-B19C-78CCF1E25431",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5E15F9-AB92-44F6-B6C7-903C1EE019AC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E106FB-A40B-431A-88BD-BDC344D97237",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335A2396-B190-472B-8D14-028E24715B99",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB640902-1AA1-4C2D-9E71-6DEB0C5C7F41",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C26DCBC-6771-4128-85F2-E9C784A9E477",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87C9465-CEC9-424C-B55D-B295BB92CEA4",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8C3782-EC28-46FE-99C2-1CEFF06CD6FC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97AB758-0B2E-404D-B86C-2091FA4F0020",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA158A3-4E4A-4184-A90C-78ED3B4191EC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA5AA86-D0EF-495E-AA54-6EF74057449A",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60278935-F342-4010-92AE-6630BADB9F86",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291AD362-BB37-4B4E-9E57-99893327AB24",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0768D4A-6D7F-4DB6-AF22-F655FFC57ABC",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B414E1DD-1CE9-425D-BA12-C089A3B52EED",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "321CD3DF-BC7F-41D5-9EFA-F7F65D440484",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D51F07-0074-410F-9E08-8EC442DB694D",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)\u0027s first failure data capture (FFDC) includes the web server\u0027s private key in the generated log file for support."
},
{
"lang": "es",
"value": "En varias versiones de firmware de Lenovo System x, First Failure Data Capture (FFDC) del m\u00f3dulo de administraci\u00f3n integrada II (IMM2) incluye la clave privada del servidor web dentro del archivo de registro generado para soporte."
}
],
"id": "CVE-2019-6157",
"lastModified": "2024-11-21T04:46:02.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T16:29:02.037",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-25 20:29
Modified
2024-11-21 02:02
Severity ?
Summary
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E79924-953C-437C-9F1A-697347757BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "1B167F20-8A18-4B1A-B3E9-C8AF30880621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBF53CB-7AF1-4070-A4CB-CC8EA9C3E88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "C6FEDBE1-2434-4686-A8F7-4439868D3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD337EA-1F68-4390-BD28-7CE85843EEA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_7955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D9A841-A3CD-4A52-9DB3-4B7B1A843C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_8731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33BDEAFA-2E2B-45D2-87DD-1659B641FBD9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD06E939-3D9E-4254-B570-0C9D79E1A6EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD264A5B-D6E8-470D-BBF1-58F68841D62E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C4E6E1-DA9E-4FA8-9F29-CF1596DECC3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA5A6D3-F3CF-4514-822D-C6CBD33FAF29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149."
},
{
"lang": "es",
"value": "Integrated Management Module II (IMM2) en sistemas IBM Flex System, NeXtScale, System x3xxx y System x iDataPlex podr\u00eda permitir que usuarios autenticados remotos obtengan informaci\u00f3n sensible de la cuenta mediante vectores relacionados con los datos generados de Service Advisor (FFDC). IBM X-Force ID: 91149."
}
],
"id": "CVE-2014-0882",
"lastModified": "2024-11-21T02:02:58.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-25T20:29:00.447",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-22 16:29
Modified
2024-11-21 04:46
Severity ?
4.1 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-25165 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-25165 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter_hs23_firmware | * | |
| ibm | bladecenter_hs23 | - | |
| ibm | system_x3530_m4_firmware | * | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3630_m4_firmware | * | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m4_hd_firmware | * | |
| ibm | system_x3650_m4_hd | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C47680DB-FA31-4261-BF61-FFAB6B39A175",
"versionEndExcluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A60B72-DEDC-47C6-86B6-BEA65751745E",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85411F05-2916-47AE-A1C2-4A3BBD8C3A12",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0590A6B-3AE0-4C06-A614-5BEC880C06A2",
"versionEndExcluding": "2.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad potencial en un manipulador SMI en varias versiones de BIOS de ciertos sistemas legacy IBM System x e IBM BladeCenter que podr\u00eda conducir a la denegaci\u00f3n de servicio"
}
],
"id": "CVE-2019-6155",
"lastModified": "2024-11-21T04:46:02.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T16:29:01.973",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25165"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-26 19:29
Modified
2024-11-21 04:14
Severity ?
Summary
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-20227 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-20227 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AA4469-91DE-4F7B-A2CF-568C05F5E4AE",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127A4CC7-08CE-46DF-8C98-7BE845DF2493",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01F45A40-2C91-4362-866F-C751E4E8507E",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE68A72-826C-4DB6-8ADF-04303B6D9F68",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F9B301-C6C4-4AE2-AEF7-035AD4A3D3A8",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "003631A2-F0BD-4F2D-853B-92AA80535811",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17771FAE-38EA-41A5-9C93-286642E08692",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3250_m6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3D890D-79FE-43CA-881B-8B9FAB745B47",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3500_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2393A517-E1FA-42AD-A40A-E1C00E135962",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3550_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41F41191-D8A4-45A9-90B4-46A974DBEFB7",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3650_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F75B122F-C126-4726-9599-96F8ACDAEAAE",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF06210-2034-422B-884F-FAFFF9F5E7F5",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBFA57E-F2A7-4960-B388-A21F1C277A2B",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "644708FB-7C30-4DB2-862A-E7AD8B9AC0A8",
"versionEndExcluding": "4.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs22_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49BE897-592D-491E-AB25-C641BE74A0C6",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF33F7C1-7390-47CF-B1C4-30636F2FFC96",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "485A886E-EE8B-47F7-AC39-A311544739C4",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96B8AE78-70F8-4961-B173-3BBE73EB80DD",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDC859F-23B8-4EE6-B331-107B22E18417",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8001DD7C-3FA3-4FF1-88B2-FB2CDC97D6ED",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78BEDB5B-E5DE-42ED-84CD-B822EDBBD92D",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACDA1F4-DC48-44D2-832F-F8864049F46F",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C44899F-0F88-4881-BC82-69532673D85A",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65601BD9-1BAF-4E61-B7D4-ADCB8A61E073",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5491D7-AE3A-4060-AB2E-6CEDE3A466F1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A529319C-0EF1-4D12-B032-74B985FF16C0",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D2A225-5C7D-4277-9DBB-1E186000E6D1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C76751-393A-46DE-A8EC-8129BA9582F6",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09D1B7F0-9908-47C3-8DB4-EC9657D0CCB0",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D374BCB-AAD4-4E87-A0ED-6FAEC3A671EB",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A6F7B6-F230-450C-B2A1-0C9AABB7C834",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74886C09-D9AC-4F5B-B5D5-CCCD477E43B8",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF3E405-B028-4EB7-AE49-797A55B201E0",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "671D194C-063A-4558-BC22-6BA0CFF5D0F1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687DAA9F-F10F-41AF-969D-7C4C773BD392",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "773D2239-ED51-4927-BE55-D25A95BD42D1",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D1D239-A124-4C7B-BDDC-E1F1130E07D7",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D95BBF-BC36-4F7A-83A1-C1C3A151AF6E",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCA4009-4DA3-4DE5-B7E3-DAA17837D304",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F08B2B-A9E9-4FAA-9C51-2E3F84B24A59",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6141A253-B5CD-4A3C-9393-3CC2E0A41006",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81C11DAA-A933-444F-AFC0-9AD8ABB2D79F",
"versionEndExcluding": "6.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI."
},
{
"lang": "es",
"value": "La funci\u00f3n IMM2 First Failure Data Capture recopila informaci\u00f3n de diagn\u00f3stico y registros de los m\u00f3dulos de gesti\u00f3n cuando se detecta un error de hardware. Esta informaci\u00f3n est\u00e1 disponible para su descarga mediante un servidor SFTP alojado en la interfaz de gesti\u00f3n de red de IMM2. En versiones anteriores a la 4.90 para Lenovo System y anteriores a la 6.80 para IBM System x, las credenciales para acceder al servidor SFTP est\u00e1n embebidas y se describen en la documentaci\u00f3n de IMM2. Esto permite que un atacante con acceso de gesti\u00f3n a la red obtenga los datos FFDC recopilados. Tras aplicar la actualizaci\u00f3n, IMM2 crear\u00e1 credenciales SFTP aleatorias para emplearlas con OneCLI."
}
],
"id": "CVE-2018-9068",
"lastModified": "2024-11-21T04:14:54.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-26T19:29:00.487",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-0882
Vulnerability from cvelistv5
Published
2018-04-25 20:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/ht114525",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0882",
"datePublished": "2018-04-25T20:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4037
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86173 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4037",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4038
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86174 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4038",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6155
Vulnerability from cvelistv5
Published
2019-04-22 15:21
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-25165 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | System x BIOS |
Version: various |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-25165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x BIOS",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "BladeCenter BIOS",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2019-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T15:21:29",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-25165"
}
],
"source": {
"advisory": "LEN-25165",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x BIOS",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
},
{
"product_name": "BladeCenter BIOS",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-25165",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25165"
}
]
},
"source": {
"advisory": "LEN-25165",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6155",
"datePublished": "2019-04-22T15:21:29.643053Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T18:24:36.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3768
Vulnerability from cvelistv5
Published
2018-01-26 19:00
Modified
2024-09-16 22:02
Severity ?
EPSS score ?
Summary
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-14450 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo Group Ltd. | Integrated Management Module 2 (IMM2) |
Version: Earlier than 4.4 for Lenovo System x Version: Earlier than 6.4 for IBM System x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integrated Management Module 2 (IMM2)",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than 4.4 for Lenovo System x"
},
{
"status": "affected",
"version": "Earlier than 6.4 for IBM System x"
}
]
}
],
"datePublic": "2018-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T18:57:02",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-01-25T00:00:00",
"ID": "CVE-2017-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Management Module 2 (IMM2)",
"version": {
"version_data": [
{
"version_value": "Earlier than 4.4 for Lenovo System x"
},
{
"version_value": "Earlier than 6.4 for IBM System x"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-14450",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3768",
"datePublished": "2018-01-26T19:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T22:02:02.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3744
Vulnerability from cvelistv5
Published
2017-06-20 00:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/product_security/LEN-14054 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo Group Ltd. | Lenovo System x IMM2 |
Version: Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo System x IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"
}
]
}
],
"datePublic": "2017-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Disclosure of login credentials to user with local privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-19T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2017-3744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo System x IMM2",
"version": {
"version_data": [
{
"version_value": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disclosure of login credentials to user with local privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/product_security/LEN-14054",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3744",
"datePublished": "2017-06-20T00:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9085
Vulnerability from cvelistv5
Published
2018-11-16 14:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24477 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Lenovo | System x UEFI |
Version: unspecified < varies |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x UEFI",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "System x UEFI",
"vendor": "IBM",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"solutions": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
},
"title": "Missing System x Flash Memory Write Protection Lock Bit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9085",
"STATE": "PUBLIC",
"TITLE": "Missing System x Flash Memory Write Protection Lock Bit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "Lenovo"
},
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24477",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9085",
"datePublished": "2018-11-16T14:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6157
Vulnerability from cvelistv5
Published
2019-04-22 15:21
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-25667 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2019-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)\u0027s first failure data capture (FFDC) includes the web server\u0027s private key in the generated log file for support."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T15:21:29",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
],
"source": {
"advisory": "LEN-25667",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
"ID": "CVE-2019-6157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)\u0027s first failure data capture (FFDC) includes the web server\u0027s private key in the generated log file for support."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-25667",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25667"
}
]
},
"source": {
"advisory": "LEN-25667",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6157",
"datePublished": "2019-04-22T15:21:29.692559Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-17T00:06:19.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9068
Vulnerability from cvelistv5
Published
2018-07-26 19:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-20227 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group Ltd. | System x IMM2 |
Version: firmware versions earlier than 4.90 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions earlier than 4.90"
}
]
},
{
"product": "System x IMM2",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions earlier than 6.80"
}
]
}
],
"datePublic": "2018-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T18:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-9068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x IMM2",
"version": {
"version_data": [
{
"version_value": "firmware versions earlier than 4.90"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
},
{
"product": {
"product_data": [
{
"product_name": "System x IMM2",
"version": {
"version_data": [
{
"version_value": "firmware versions earlier than 6.80"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-20227",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-20227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9068",
"datePublished": "2018-07-26T19:00:00Z",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-09-17T03:38:52.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4031
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86172 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4031",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4030
Vulnerability from cvelistv5
Published
2014-01-21 01:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86068 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4030",
"datePublished": "2014-01-21T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3774
Vulnerability from cvelistv5
Published
2018-04-19 14:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-19586 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group Ltd. | IMM2 |
Version: Earlier than 4.40 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than 4.40"
}
]
},
{
"product": "IMM2",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "Earlier than 6.60"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack overflow leading to memory corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-04-12T00:00:00",
"ID": "CVE-2017-3774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IMM2",
"version": {
"version_data": [
{
"version_value": "Earlier than 4.40"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
},
{
"product": {
"product_data": [
{
"product_name": "IMM2",
"version": {
"version_data": [
{
"version_value": "Earlier than 6.60"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack overflow leading to memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-19586",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-19586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3774",
"datePublished": "2018-04-19T14:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:19.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}