Vulnerabilites related to ibm - integrated_management_module_firmware
cve-2017-3744
Vulnerability from cvelistv5
Published
2017-06-20 00:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/product_security/LEN-14054 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Lenovo System x IMM2 |
Version: Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo System x IMM2",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"
}
]
}
],
"datePublic": "2017-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Disclosure of login credentials to user with local privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-19T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2017-3744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo System x IMM2",
"version": {
"version_data": [
{
"version_value": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disclosure of login credentials to user with local privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/product_security/LEN-14054",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3744",
"datePublished": "2017-06-20T00:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0882
Vulnerability from cvelistv5
Published
2018-04-25 20:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/ht114525",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0882",
"datePublished": "2018-04-25T20:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0881
Vulnerability from cvelistv5
Published
2018-04-25 20:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114524"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114524"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/ht114524",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/ht114524"
},
{
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/"
},
{
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0881",
"datePublished": "2018-04-25T20:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0860
Vulnerability from cvelistv5
Published
2014-07-07 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90880 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0860",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-07-07 11:01
Modified
2024-11-21 02:02
Severity ?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE77E6-DC53-4710-9584-FD2CEACB46BE",
"versionEndIncluding": "1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA49FD93-328A-4E60-8BD1-817936DE2E82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E920A51B-0382-4474-870C-C6AD285FA6DF",
"versionEndIncluding": "3.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357307A8-421E-4433-A985-505565B0830A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D348D34E-1379-4CBA-A21C-3E13DA279A5F",
"versionEndIncluding": "3.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE67F95-2ECE-4BF5-8E4B-2D6390160FCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
},
{
"lang": "es",
"value": "El firmware anterior a 3.66E en IBM BladeCenter Advanced Management Module (AMM), el firmware anterior a 1.43 en IBM Integrated Management Module (IMM), y el firmware anterior a 4.15 en IBM Integrated Management Module II (IMM2) contiene los credenciales IPMI en texto claro, lo que permite a atacantes remotos ejecutar comandos IPMI arbitrarios, y como consecuencia establecer una sesi\u00f3n de control remoto blade, mediante el aprovechamiento del acceso a (1) el chassis internal network o (2) la interfaz \u0027Ethernet-over-USB\u0027."
}
],
"id": "CVE-2014-0860",
"lastModified": "2024-11-21T02:02:55.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-07T11:01:28.680",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-20 00:29
Modified
2024-11-21 03:26
Severity ?
Summary
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/product_security/LEN-14054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/product_security/LEN-14054 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA6D55A-5391-4B6F-A399-A0449A1EBD8B",
"versionEndIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA2F515-2E29-4478-AE61-9C513CC6901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC339542-79DA-45AB-B488-C99D1FEB8359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "987FB06B-F349-48D5-B46C-CF23BD6B6811",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740F81FC-AD9F-4AA0-9A32-7363363B7AEC",
"versionEndIncluding": "6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."
},
{
"lang": "es",
"value": "En el firmware IMM2 de los servidores Lenovo System x, los comandos remotos enviados por LXCA u otras utilidades pueden ser capturados en el registro del servicio First Failure Data Capture (FFDC) si el registro del servicio se genera cuando ese comando remoto est\u00e1 en ejecuci\u00f3n. Los datos de comando capturados podr\u00edan contener informaci\u00f3n de inicio de sesi\u00f3n en texto claro. Los usuarios autorizados que pueden capturar y exportar datos de registro del servicio FFDC podr\u00edan tener acceso a estos comandos remotos."
}
],
"id": "CVE-2017-3744",
"lastModified": "2024-11-21T03:26:03.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-20T00:29:00.330",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/product_security/LEN-14054"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-25 20:29
Modified
2024-11-21 02:02
Severity ?
Summary
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E79924-953C-437C-9F1A-697347757BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "1B167F20-8A18-4B1A-B3E9-C8AF30880621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBF53CB-7AF1-4070-A4CB-CC8EA9C3E88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "C6FEDBE1-2434-4686-A8F7-4439868D3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD337EA-1F68-4390-BD28-7CE85843EEA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_7955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D9A841-A3CD-4A52-9DB3-4B7B1A843C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_8731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33BDEAFA-2E2B-45D2-87DD-1659B641FBD9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD06E939-3D9E-4254-B570-0C9D79E1A6EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD264A5B-D6E8-470D-BBF1-58F68841D62E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C4E6E1-DA9E-4FA8-9F29-CF1596DECC3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA5A6D3-F3CF-4514-822D-C6CBD33FAF29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149."
},
{
"lang": "es",
"value": "Integrated Management Module II (IMM2) en sistemas IBM Flex System, NeXtScale, System x3xxx y System x iDataPlex podr\u00eda permitir que usuarios autenticados remotos obtengan informaci\u00f3n sensible de la cuenta mediante vectores relacionados con los datos generados de Service Advisor (FFDC). IBM X-Force ID: 91149."
}
],
"id": "CVE-2014-0882",
"lastModified": "2024-11-21T02:02:58.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-25T20:29:00.447",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-25 20:29
Modified
2024-11-21 02:02
Severity ?
Summary
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integrated_management_module_firmware | * | |
| ibm | flex_system_x222 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F01925D-78D1-4F92-92C4-DAAD6CE4105A",
"versionEndIncluding": "3.56",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2573005F-810D-463C-BAA4-319500EE5471",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146."
},
{
"lang": "es",
"value": "El TPM en Integrated Management Module II (IMM2) en los servidores IBM Flex System x222 con firmware desde la versi\u00f3n 1.00 hasta la 3.56 permite que atacantes remotos obtengan informaci\u00f3n sensible clave o provoquen una denegaci\u00f3n de servicio (DoS) aprovechando una configuraci\u00f3n incorrecta. IBM X-Force ID: 91146."
}
],
"id": "CVE-2014-0881",
"lastModified": "2024-11-21T02:02:58.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-25T20:29:00.370",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114524"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/ht114524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}