CVE-2014-0882

Опубликовано: 25 апр. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

Ссылки

https://support.lenovo.com/us/en/solutions/ht114525
Third Party Advisory
https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/
Vendor Advisory
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726
Vendor Advisory
https://support.lenovo.com/us/en/solutions/ht114525
Third Party Advisory
https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/
Vendor Advisory
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:integrated_management_module_firmware:3.50:*:*:*:*:*:*:*

cpe:2.3:o:ibm:integrated_management_module_firmware:3.55:*:*:*:*:*:*:*

cpe:2.3:o:ibm:integrated_management_module_firmware:3.56:*:*:*:*:*:*:*

cpe:2.3:o:ibm:integrated_management_module_firmware:3.65:*:*:*:*:*:*:*

cpe:2.3:o:ibm:integrated_management_module_firmware:3.67:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:ibm:flex_system_manager_7955:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_manager_8731:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_x240:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_x440:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x_idataplex_dx360_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-485f-jqfm-mc75