CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
52.1%
IBM Integrated Management Module II (IMM2) has addressed the following information disclosure vulnerability.
CVEID: CVE-2019-6157 DESCRIPTION: Lenovo System x could allow a local attacker to obtain sensitive information, caused by an issue with including private key information in log file in the integrated management module II (IMM2). By accessing the log file, an attacker could exploit this vulnerability to obtain private key information, and use this information to launch further attacks against the affected system.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159886> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Product
|
Affected Version
—|—
IBM Integrated Management Module II (IMM2) for System x & Flex Systems
|
1AOO
IBM Integrated Management Module II (IMM2) for BladeCenter Systems
|
1AOO
Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/
Product
|
Fix Version
—|—
IBM Integrated Management Module II (IMM2) for System x & Flex Systems
(ibm_fw_imm2_1aoo88b-7.20_anyos_noarch)
|
1AOO88B-7.20
IBM Integrated Management Module II (IMM2) for BladeCenter Systems
(ibm_fw_imm2_1aoo88b-7.20-bc_anyos_noarch)
|
1AOO88B-7.20-bc
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | system_x_idataplex_dx360_m2_server | any | cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:any:*:*:*:*:*:*:* |
ibm | flex_system_manager | any | cpe:2.3:a:ibm:flex_system_manager:any:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
52.1%