104 matches found
CVE-2014-0882
Integrated Management Module II IMM2 on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data FFDC. IBM X-Force ID: 91149...
CVE-2014-0882
CVE-2014-0882 affects IBM IMM2 (Integrated Management Module II) across Flex System x220/x222/x240/x440, NeXtScale nx360 M4, System x3100/M4, x3250/M4, x3500/M4, x3530/M4, x3550/M4, x3630/M4, x3650/M4, x3750/M4, and x iDataPlex dx360 M4, where certain configurations may cause generated Service Ad...
CVE-2014-0881
The CVE-2014-0881 vulnerability affects IBM Flex System x222 compute node IMM2 TPM (firmware 1.00–3.56). The issue arises from an incorrectly configured TPM, potentially allowing an attacker to exfiltrate TPM data or cause a denial-of-service. IBM/IBM X-Force notes exploitability; IBM bulletin re...
CVE-2017-3774
CVE-2017-3774 describes a stack overflow in the IMM2 web administration service. The vulnerability affects IMM2 firmware earlier than 4.70 on Lenovo servers and earlier than 6.60 on some IBM servers, where a crafted user ID and password can overflow the authentication routine’s stack, causing sta...
IMM2 Web Service Stack Overflow - NL
Lenovo Security Advisory: LEN-19586 Potential Impact: Stack overflow leading to memory corruption Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3774 Summary Description: A stack overflow vulnerability was discovered within the web administration service in the...
IMM2 Web Service Stack Overflow - Lenovo Support US
Lenovo Security Advisory: LEN-19586 Potential Impact: Stack overflow leading to memory corruption Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3774 Summary Description: A stack overflow vulnerability was discovered within the web administration service in the...
Authentication flaw
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
CVE-2017-3768
CVE-2017-3768 affects IBM IMM2 (System x, Flex, BladeCenter) and Lenovo System x variants. A remote, unprivileged attacker with CIM connectivity can flood IMM2 with authentication failures, exhausting memory and causing the device to reboot. Affected versions are Lenovo System x (pre-4.4) and IBM...
CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
IMM2 Denial of Service Attack by an Unprivileged User - NL
Lenovo Security Advisory: LEN-14450 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Lenovo Specific CVE Identifier: CVE-2017-3768 Summary Description: A vulnerability was discovered in the Integrated Management Module 2 IMM2 used in some Lenovo servers where an unprivileged...
IMM2 Denial of Service Attack by an Unprivileged User - Lenovo Support NL
No description provided...
Login information processed by the IMM2 may be exposed to local IMM2 users - Lenovo Support US
No description provided...
Login information processed by the IMM2 may be exposed to local IMM2 users - us
Lenovo Security Advisory: LEN-14054 Potential Impact: Disclosure of login credentials to user with local privileges Severity: Medium Scope of Impact: Lenovo Specific CVE Identifier: CVE-2017-3744 Summary Description: A risk has been identified in the IMM2 firmware of Lenovo System x servers where...
CVE-2017-3744
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...
CVE-2017-3744
CVE-2017-3744 affects Lenovo System x IMM2 firmware. Remote commands issued by LXCA/other utilities may be logged in the FFDC service log, potentially exposing clear-text login information to authorized users who can capture/export FFDC data. Impact is confined to Lenovo System x IMM2, with the v...
CVE-2017-3744
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...
Inherent Risks of Using the Intelligent Platform Management Interface (IPMI) on the Lenovo System x Integrated Management Module (IMM), Integrated Management Module II (IMM2) and ThinkServer TSM - us
Lenovo Security Advisory: LEN-10617 Potential Impact: Access to systems through IPMI if default settings are not changed Severity: High Scope of Impact: Industry-Wide CVE Identifiers: CVE-2013-4037, CVE-2013-4031 Summary Description: Various risks with the industry-standard Intelligent Platform...
Privilege Escalation and Denial of Service Vulnerabilities in System X IMM2
...
CVE-2014-0860
The firmware before 3.66E in IBM BladeCenter Advanced Management Module AMM, the firmware before 1.43 in IBM Integrated Management Module IMM, and the firmware before 4.15 in IBM Integrated Management Module II IMM2 contains cleartext IPMI credentials, which allows attackers to execute arbitrary...