CVE-2020-8340

A cross-site scripting XSS vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 Integrated Management Module 2, prior to version 5.60, embedded Baseboard Management Controller BMC web interface during an internal security review. This vulnerability could allow JavaScript code t...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by multiple vulnerabilities in libssh2

Summary The following vulnerabilities in libssh2 have been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2019-3857 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)

Summary The following vulnerability in OpenSSL has been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2012-4929 DESCRIPTION: The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome,Qt, and other products, can encrypt compressed data...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability with the IPv6 networking support (CVE-2015-2922)

Summary The following vulnerability in IPv6 has been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2015-2922 DESCRIPTION: Linux Kernel, built with the IPv6 networking supportCONFIGIPV6, is vulnerable to a denial of service, caused by the improper handling...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482)

Summary IBM Integrated Management Module II IMM2 is affected by a libcurl security vulnerability CVE-2019-5482 Vulnerability Details CVEID: CVE-2019-5482 DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftpreceivepacket function. ...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSH (CVE-2018-15919)

Summary The following vulnerability in OpenSSH has been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2018-15919 DESCRIPTION: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of user...

CVE-2019-6157

In various firmware versions of Lenovo System x, the integrated management module II IMM2's first failure data capture FFDC includes the web server's private key in the generated log file for support...

Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module IMM. IMM has addressed the applicable CVEs...

Security Bulletin: Multiple vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II (IMM2)

Summary OpenSSL vulnerabilities were disclosed in August 2014. This bulletin also addresses curl vulnerabilities disclosed in July 2014, and OpenSSH vulnerabilities that were disclosed in April 2014. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed in August 2014. This bulleti...

Security Bulletin: Vulnerability in RC4 stream cipher affects Integrated Management Module 2 (IMM2) (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects Integrated Management Module 2 IMM2. Vulnerability Details Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects Integrated Management Module 2 IMM2. Vulnerability Details CVE-ID: CVE-2015-2808 Description: The RC4 algorithm, as used in...

Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module IMM. IMM hasaddressed the applicable CVEs...

IMM2 Information Disclosure Vulnerability in Multiple IBM Products

IBM Flex System x220 Compute Node and others are different series of server devices from IBM Corporation in the U.S. Integrated Management Module II IMM2 is one of the integrated management modules. A security vulnerability exists in IMM2 in several IBM products. A remote attacker could exploit...

CVE-2017-3774

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 IMM2 earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination...

CVE-2017-3768

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...

Using Flash upload loopholes to penetrate a server-vulnerability warning-the black bar safety net

Now a lot of sites in order to pursue the image, on the site home page using Flash rotate display, and some use the picture show;the site of the most core things content, in order to keep the site effect, and therefore will frequently update the picture or flash file in website background design...