Lucene search

K

Flex System X480 X6 Security Vulnerabilities

cve
cve

CVE-2020-8340

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript...

6.3CVSS

5.8AI Score

0.001EPSS

2020-09-15 03:15 PM
18
cve
cve

CVE-2019-6157

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for...

7.5CVSS

7.5AI Score

0.002EPSS

2019-04-22 04:29 PM
26
cve
cve

CVE-2018-9085

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash...

4.9CVSS

4.8AI Score

0.001EPSS

2018-11-16 02:29 PM
31
cve
cve

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for...

7.5CVSS

7.2AI Score

0.002EPSS

2018-07-26 07:29 PM
30
cve
cve

CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned...

6.4CVSS

6.2AI Score

0.001EPSS

2018-05-04 05:29 PM
36
cve
cve

CVE-2017-3774

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password...

9.8CVSS

9.5AI Score

0.003EPSS

2018-04-19 02:29 PM
22
cve
cve

CVE-2017-3768

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM)...

7.5CVSS

7.4AI Score

0.001EPSS

2018-01-26 07:29 PM
23
cve
cve

CVE-2017-3744

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login...

6.5CVSS

6.7AI Score

0.001EPSS

2017-06-20 12:29 AM
17
cve
cve

CVE-2016-8226

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data...

4.9CVSS

5AI Score

0.001EPSS

2017-01-26 05:59 PM
21