Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Flex System X880 X6 Firmware Security Vulnerabilities

cve
cve

CVE-2020-8340

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript...

6.3CVSS

5.8AI Score

0.001EPSS

2020-09-15 03:15 PM
18
cve
cve

CVE-2019-6157

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for...

7.5CVSS

7.5AI Score

0.002EPSS

2019-04-22 04:29 PM
26
cve
cve

CVE-2018-9085

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash...

4.9CVSS

4.8AI Score

0.001EPSS

2018-11-16 02:29 PM
31
cve
cve

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for...

7.5CVSS

7.2AI Score

0.002EPSS

2018-07-26 07:29 PM
30
cve
cve

CVE-2017-3768

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM)...

7.5CVSS

7.4AI Score

0.001EPSS

2018-01-26 07:29 PM
23
cve
cve

CVE-2017-3744

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login...

6.5CVSS

6.7AI Score

0.001EPSS

2017-06-20 12:29 AM
17
cve
cve

CVE-2014-4768

IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot...

6.3AI Score

0.001EPSS

2015-06-28 10:59 PM
20