Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-6157
HistoryApr 22, 2019 - 4:29 p.m.

CVE-2019-6157

2019-04-2216:29:02
CWE-532
[email protected]
web.nvd.nist.gov
26
cve-2019-6157
lenovo
system x
firmware
private key
ffdc
log
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.2%

JSON

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server’s private key in the generated log file for support.

Affected configurations

NVD
Node
lenovoflex_system_x240_m4_firmwareRange<5.30
AND
lenovoflex_system_x240_m4Match-
Node
lenovoflex_system_x240_m5_firmwareRange<5.30
AND
lenovoflex_system_x240_m5Match-
Node
lenovoflex_system_x280_x6_firmwareRange<5.30
AND
lenovoflex_system_x280_x6Match-
Node
lenovoflex_system_x440_m4_firmwareRange<5.30
AND
lenovoflex_system_x440_m4Match-
Node
lenovoflex_system_x480_x6_firmwareRange<5.30
AND
lenovoflex_system_x480_x6Match-
Node
lenovoflex_system_x880_firmwareRange<5.30
AND
lenovoflex_system_x880Match-
Node
lenovonextscale_nx360_m5_firmwareRange<5.30
AND
lenovonextscale_nx360_m5Match-
Node
lenovosystem_x3250_m6_firmwareRange<5.30
AND
lenovosystem_x3250_m6Match-
Node
lenovosystem_x3500_m5_firmwareRange<5.30
AND
lenovosystem_x3500_m5Match-
Node
lenovosystem_x3550_m5_firmwareRange<5.30
AND
lenovosystem_x3550_m5Match-
Node
lenovosystem_x3650_m5_firmwareRange<5.30
AND
lenovosystem_x3650_m5Match-
Node
lenovosystem_x3750_m4_firmwareRange<5.30
AND
lenovosystem_x3750_m4Match-
Node
lenovosystem_x3850_x6_firmwareRange<5.30
AND
lenovosystem_x3850_x6Match-
Node
lenovosystem_x3950_x6_firmwareRange<5.30
AND
lenovosystem_x3950_x6Match-
Node
ibmbladecenter_hs22_firmwareRange<7.20
AND
ibmbladecenter_hs22Match-
Node
ibmbladecenter_hs23_firmwareRange<7.20
AND
ibmbladecenter_hs23Match-
Node
ibmbladecenter_hs23e_firmwareRange<7.20
AND
ibmbladecenter_hs23eMatch-
Node
ibmflex_system_x220_m4_firmwareRange<7.20
AND
ibmflex_system_x220_m4Match-
Node
ibmflex_system_x222_m4_firmwareRange<7.20
AND
ibmflex_system_x222_m4Match-
Node
ibmflex_system_x240_m4_firmwareRange<7.20
AND
ibmflex_system_x240_m4Match-
Node
ibmflex_system_x280_m4_firmwareRange<7.20
AND
ibmflex_system_x280_m4Match-
Node
ibmflex_system_x440_m4_firmwareRange<7.20
AND
ibmflex_system_x440_m4Match-
Node
ibmflex_system_x480_m4_firmwareRange<7.20
AND
ibmflex_system_x480_m4Match-
Node
ibmflex_system_x880_m4_firmwareRange<7.20
AND
ibmflex_system_x880_m4Match-
Node
ibmidataplex_dx360_m4_firmwareRange<7.20
AND
ibmidataplex_dx360_m4Match-
Node
ibmidataplex_dx360_m4_water_cooled_firmwareRange<7.20
AND
ibmidataplex_dx360_m4_water_cooledMatch-
Node
ibmnextscale_nx360_m4_firmwareRange<7.20
AND
ibmnextscale_nx360_m4Match-
Node
ibmsystem_x3100_m4_firmwareRange<7.20
AND
ibmsystem_x3100_m4Match-
Node
ibmsystem_x3100_m5_firmwareRange<7.20
AND
ibmsystem_x3100_m5Match-
Node
ibmsystem_x3250_m4_firmwareRange<7.20
AND
ibmsystem_x3250_m4Match-
Node
ibmsystem_x3250_m5_firmwareRange<7.20
AND
ibmsystem_x3250_m5Match-
Node
ibmsystem_x3300_m4_firmwareRange<7.20
AND
ibmsystem_x3300_m4Match-
Node
ibmsystem_x3500_m4_firmwareRange<7.20
AND
ibmsystem_x3500_m4Match-
Node
ibmsystem_x3530_m4_firmwareRange<7.20
AND
ibmsystem_x3530_m4Match-
Node
ibmsystem_x3550_m4_firmwareRange<7.20
AND
ibmsystem_x3550_m4Match-
Node
ibmsystem_x3630_m4_firmwareRange<7.20
AND
ibmsystem_x3630_m4Match-
Node
ibmsystem_x3650_m4_firmwareRange<7.20
AND
ibmsystem_x3650_m4Match-
Node
ibmsystem_x3650_m4_bd_firmwareRange<7.20
AND
ibmsystem_x3650_m4_bdMatch-
Node
ibmsystem_x3650_m4_hd_firmwareRange<7.20
AND
ibmsystem_x3650_m4_hdMatch-
Node
ibmsystem_x3750_m4_firmwareRange<7.20
AND
ibmsystem_x3750_m4Match-
Node
ibmsystem_x3850_x6_firmwareRange<7.20
AND
ibmsystem_x3850_x6Match-
Node
ibmsystem_x3950_x6_firmwareRange<7.20
AND
ibmsystem_x3950_x6Match-

CNA Affected

[
  {
    "product": "System x",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

Related

lenovo 2
ibm 1
prion 1
nvd 1
cvelist 1
lenovo
lenovo
IMM2 FFDC includes Private Key - Lenovo Support NL
2019-04-17 19:15:34
IMM2 FFDC includes Private Key - US
2019-04-17 19:15:34
ibm
ibm
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by information disclosure vulnerability (CVE-2019-6157)
2023-12-07 22:45:02
prion
prion
Design/Logic Flaw
2019-04-22 16:29:00
nvd
nvd
CVE-2019-6157
2019-04-22 16:29:02
cvelist
cvelist
CVE-2019-6157
2019-04-18 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.2%

JSON
Related for CVE-2019-6157
lenovo2ibm1prion1nvd1cvelist1