Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-3774

Опубликовано: 19 апр. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*
Версия до 4.70 (исключая)

Одно из

cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*
Версия до 6.60 (исключая)

Одно из

cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00585
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

github логотип

GHSA-4qmr-v28r-p74f

CVSS3: 9.8
github
больше 3 лет назад

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.

EPSS

Процентиль: 68%
0.00585
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119