Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMABD27734F824C0DDB3A830BA7C027BB65573CE2560EA9083918598E6C840A7EE
HistoryJan 24, 2019 - 12:40 p.m.

Security Bulletin: TPM on the Integrated Management Module II (IMM2) of Flex System x222 compute node is not configured correctly (CVE-2014-0881)

2019-01-2412:40:01
www.ibm.com
10

0.004 Low

EPSS

Percentile

74.6%

JSON

Summary

The IMM2 TPM on the Flex System x222 compute node is not configured correctly which can be exploited to steal keys or to perform β€˜denial of service’ type attacks.

Vulnerability Details

Abstract

The IMM2 TPM on the Flex System x222 compute node is not configured correctly which can be exploited to steal keys or to perform β€˜denial of service’ type attacks.

Content

Vulnerability Details:

CVE ID: CVE-2014-0881 Description:
The TPM of the IMM2 on the Flex System x222 compute node is not configured correctly. TPMs are used to store keys for crypto, attestation values and other security related items. An attacker who found other means to compromise other layers of IMM2 security may then be able to expose TPM data or cause TPM denial of service.

CVSS Base Score: 4.6
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91146&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected products and versions

Flex System x222 compute node Firmware 1.00 to 3.56 (1AOO10I to 1AOO50K)

Remediation:

IBM recommends updating to the following firmware level or later. Firmware updates are available through IBM Fix Central.

  • Firmware version 3.78 (1AOO52Y)

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement
None

Change History
28 February 2014: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an β€œindustry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES β€œAS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

cve 1
cvelist 1
nvd 1
prion 1
cve
cve
CVE-2014-0881
2018-04-25 20:29:00
cvelist
cvelist
CVE-2014-0881
2018-04-25 20:00:00
nvd
nvd
CVE-2014-0881
2018-04-25 20:29:00
prion
prion
Design/Logic Flaw
2018-04-25 20:29:00

0.004 Low

EPSS

Percentile

74.6%

JSON
Related for ABD27734F824C0DDB3A830BA7C027BB65573CE2560EA9083918598E6C840A7EE
cve1cvelist1nvd1prion1