CVSS: 6.3EPSS: 0%CPEs: 16EXPL: 0CVE-2020-8340
https://notcve.org/view.php?id=CVE-2020-8340
15 Sep 2020 — A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included i... • https://support.lenovo.com/us/en/product_security/LEN-44717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 44EXPL: 0CVE-2017-3774
https://notcve.org/view.php?id=CVE-2017-3774
19 Apr 2018 — A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption. Se ha descubierto una vulnerabilidad de desbordamiento de pila en el servicio de administración web en Integ... • https://support.lenovo.com/us/en/product_security/LEN-19586 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 33EXPL: 0CVE-2013-4030
https://notcve.org/view.php?id=CVE-2013-4030
21 Jan 2014 — Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea más fácil para los atacantes remotos romper la protec... • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 • CWE-310: Cryptographic Issues •