Skip to main content

Bladecenter Hs22 Firmware

3 CVEs product

Monthly

CVE-2019-6159 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Hs22 Firmware Bladecenter Hs22V Firmware Bladecenter Hx5 Firmware +12
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6157 HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware Flex System X240 M5 Firmware Flex System X280 X6 Firmware +34
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-9068 HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM Flex System X240 M4 Firmware Flex System X240 M5 Firmware +35
NVD
CVSS 3.0
7.5
EPSS
1.1%
EPSS 1% CVSS 6.1
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Hs22 Firmware +14
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware +36
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM +37
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy