CVSS: 6.3EPSS: 0%CPEs: 16EXPL: 0CVE-2020-8340
https://notcve.org/view.php?id=CVE-2020-8340
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself. • https://support.lenovo.com/us/en/product_security/LEN-44717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 44EXPL: 0CVE-2017-3774
https://notcve.org/view.php?id=CVE-2017-3774
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption. Se ha descubierto una vulnerabilidad de desbordamiento de pila en el servicio de administración web en Integrated Management Module 2 (IMM2), en versiones anteriores a la 4.70 empleadas en algunos servidores de Lenovo y en versiones anteriores a la 6.60 empleadas en algunos servidores de IBM. Un atacante que proporcione una combinación de ID y contraseña manipulados puede hacer que una porción de la rutina de autenticación desborde su pila, lo que provoca una corrupción de la pila. • https://support.lenovo.com/us/en/product_security/LEN-19586 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2013-4030
https://notcve.org/view.php?id=CVE-2013-4030
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea más fácil para los atacantes remotos romper la proteccion criptografica de los mecanismos de de cifrado a través de (1) un ataque de fuerza bruta contra SSL o (2) El tráfico TLS. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 https://exchange.xforce.ibmcloud.com/vulnerabilities/86068 • CWE-310: Cryptographic Issues •