Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-3744

Опубликовано: 20 июн. 2017
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lenovo:integrated_management_module_firmware:*:*:*:*:*:*:*:*
Версия до 4.9 (включая)

Одно из

cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cx2200:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cx4200:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cx4600:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*
Версия до 6.19 (включая)

Одно из

cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00264
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

github логотип

GHSA-vwcj-7f4r-r8xj

CVSS3: 6.5
github
больше 3 лет назад

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

EPSS

Процентиль: 50%
0.00264
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532