Lucene search
K

56 matches found

CVE
CVE
added 2021/03/09 4:15 p.m.43 views

CVE-2021-3417

Lenovo XClarity Orchestrator (LXCO) prior to 1.2.2 stores LXCA credentials in internal logs: when LXCA is added as a Resource Manager, credentials are encoded and written to the FFDC/service log, which is only accessible to the privileged LXCO user who requested the file. No exploitation details ...

4.9CVSS5.1AI score0.00542EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/09 4:15 p.m.24 views

CVE-2021-3417

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...

4.9CVSS5.4AI score0.00542EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/03/09 4:15 p.m.21 views

CVE-2020-8356

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...

4.9CVSS5.1AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2021/02/10 9:15 p.m.24 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...

4.9CVSS0.00511EPSS
Exploits0References1
CVE
CVE
added 2021/02/10 9:5 p.m.51 views

CVE-2020-8355

Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 exposes Windows OS credentials used for driver updates in the First Failure Data Capture (FFDC) service log if the log is generated during endpoint updates. The log is only created by a privileged LXCA user, access is limited to that use...

4.9CVSS5.1AI score0.00511EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/10 9:5 p.m.37 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...

4.9CVSS5.2AI score0.00511EPSS
Exploits0References1
Prion
Prion
added 2020/03/13 4:15 p.m.23 views

Design/Logic Flaw

An internal product security audit of Lenovo XClarity Administrator LXCA discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are...

3.6CVSS6.3AI score0.00306EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/22 4:29 p.m.15 views

CVE-2019-6157

In various firmware versions of Lenovo System x, the integrated management module II IMM2's first failure data capture FFDC includes the web server's private key in the generated log file for support...

7.5CVSS7AI score0.01346EPSS
Exploits0References1
CVE
CVE
added 2019/04/22 3:21 p.m.58 views

CVE-2019-6157

CVE-2019-6157 affects Lenovo System x IMM2: FFDC logs may include the web server private key, enabling information disclosure. Affected product lines include IMM2 in System x & BladeCenter; root cause is improper handling of private key data in FFDC logs. IBM IBM X-Force/IBM bulletin and Lenovo L...

7.5CVSS7.5AI score0.01346EPSS
Exploits0References1Affected Software1
Lenovo
Lenovo
added 2019/04/17 7:15 p.m.39 views

IMM2 FFDC includes Private Key - US

Lenovo Security Advisory: LEN-25667 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6157 Summary Description: In Lenovo System x, the integrated management module II IMM2's first failure data capture FFDC includes the web server'...

5CVSS2.8AI score0.01346EPSS
Exploits0
Prion
Prion
added 2018/11/27 2:29 p.m.20 views

Code injection

In System Management Module SMM versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file...

4.3CVSS7.9AI score0.00872EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/11/27 2:29 p.m.5 views

CVE-2018-16092

In System Management Module SMM versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file...

8.1CVSS5.8AI score0.00872EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/27 2:0 p.m.18 views

CVE-2018-16092 System Management Module Vulnerabilities

In System Management Module SMM versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file...

8.1AI score0.00872EPSS
Exploits0References1
CVE
CVE
added 2018/11/27 2:0 p.m.49 views

CVE-2018-16092

CVE-2018-16092 affects Lenovo System Management Module (SMM) firmware prior to 1.06. The FFDC feature collects SMM system files, including sensitive data such as SMM user credentials and the system shadow file. This exposure could lead to confidentiality impact if FFDC data is accessed or misused...

8.1CVSS8AI score0.00872EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/26 7:0 p.m.29 views

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

7.2AI score0.01053EPSS
Exploits0References1
CVE
CVE
added 2018/07/26 7:0 p.m.58 views

CVE-2018-9068

The CVE-2018-9068 issue affects IBM/Lenovo Integrated Management Module II (IMM2) FFDC data disclosure. In affected IMM2 firmware (Lenovo System x prior to 4.90 and IBM System x prior to 6.80), the SFTP server used for FFDC data access used hard-coded credentials described in the IMM2 documentati...

7.5CVSS7.2AI score0.01053EPSS
Exploits0References1Affected Software1
Lenovo
Lenovo
added 2018/07/26 4:55 p.m.500 views

Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - US

Lenovo Security Advisory: LEN-20227 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9068 Summary Description: The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware...

2.4AI score0.01053EPSS
Exploits0
NVD
NVD
added 2017/06/20 12:29 a.m.15 views

CVE-2017-3744

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...

6.5CVSS6.8AI score0.00842EPSS
Exploits0References1
Prion
Prion
added 2017/06/20 12:29 a.m.15 views

Design/Logic Flaw

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...

4CVSS6.7AI score0.00842EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/06/20 12:0 a.m.43 views

CVE-2017-3744

CVE-2017-3744 affects Lenovo System x IMM2 firmware. Remote commands issued by LXCA/other utilities may be logged in the FFDC service log, potentially exposing clear-text login information to authorized users who can capture/export FFDC data. Impact is confined to Lenovo System x IMM2, with the v...

6.5CVSS6.7AI score0.00842EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder