26 matches found
EUVD-2016-9074
Malware in sbrugna...
EUVD-2018-20671
Malware in sbrugna...
EUVD-2017-12861
Malware in sbrugna...
EUVD-2017-12885
Malware in sbrugna...
EUVD-2017-12892
Malware in sbrugna...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by information disclosure vulnerability (CVE-2019-6157)
Summary IBM Integrated Management Module II IMM2 has addressed the following information disclosure vulnerability. Vulnerability Details CVEID: CVE-2019-6157 DESCRIPTION: Lenovo System x could allow a local attacker to obtain sensitive information, caused by an issue with including private key...
CVE-2019-6157
In various firmware versions of Lenovo System x, the integrated management module II IMM2's first failure data capture FFDC includes the web server's private key in the generated log file for support...
CVE-2019-6157
In various firmware versions of Lenovo System x, the integrated management module II IMM2's first failure data capture FFDC includes the web server's private key in the generated log file for support...
Missing System x Flash Memory Write Protection Lock Bit
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services SPS and the system Flash Descriptors...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
CVE-2018-9068
The CVE-2018-9068 issue affects IBM/Lenovo Integrated Management Module II (IMM2) FFDC data disclosure. In affected IMM2 firmware (Lenovo System x prior to 4.90 and IBM System x prior to 6.80), the SFTP server used for FFDC data access used hard-coded credentials described in the IMM2 documentati...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
CVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...
CVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...
Lenovo System x-Series and IBM System x-Series Denial of Service Vulnerabilities
Lenovo System x is a server from Lenovo in China.IBM System x is a server from IBM in the United States. A security vulnerability exists in the Lenovo System x series prior to version 4.4 and the IBM System x series prior to version 6.4. An attacker could exploit this vulnerability to cause a...
Authentication flaw
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
CVE-2017-3768
CVE-2017-3768 affects IBM IMM2 (System x, Flex, BladeCenter) and Lenovo System x variants. A remote, unprivileged attacker with CIM connectivity can flood IMM2 with authentication failures, exhausting memory and causing the device to reboot. Affected versions are Lenovo System x (pre-4.4) and IBM...
Lenovo System x IMM2 Firmware Certificate Acquisition Vulnerability
Lenovo System x IMM2 is the firmware used in Lenovo servers in which it provides remote monitoring and control of the server. The Lenovo System x IMM2 has a security vulnerability that can be exploited by an attacker to obtain login credentials...
CVE-2017-3744
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...