CVSS: 7.5 | EPSS: 0% | CPEs: 84 | EXPL: 0

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
• https://support.lenovo.com/solutions/LEN-25667
• CWE-532: Insertion of Sensitive Information into Log File

CVSS: 4.9 | EPSS: 0% | CPEs: 58 | EXPL: 0

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
• https://support.lenovo.com/us/en/solutions/LEN-24477
• CWE-276: Incorrect Default Permissions

CVSS: 7.5 | EPSS: 0% | CPEs: 84 | EXPL: 0

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
• https://support.lenovo.com/us/en/solutions/LEN-20227
• CWE-798: Use of Hard-coded Credentials

CVSS: 5.3 | EPSS: 0% | CPEs: 12 | EXPL: 0

The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83166
• https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 20 | EXPL: 0

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
• https://support.lenovo.com/us/en/solutions/ht114525
• https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882
• https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor