Flex System X220 M4 Firmware
Monthly
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.