Skip to main content

System X3530 M4 Firmware

5 CVEs product

Monthly

CVE-2020-8332 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Lenovo IBM Bladecenter Hs23 Firmware Bladecenter Hs23E Firmware +16
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2019-6157 HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware Flex System X240 M5 Firmware Flex System X280 X6 Firmware +34
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-6155 HIGH This Week

A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Bladecenter Hs23 Firmware System X3530 M4 Firmware System X3630 M4 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-9085 MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation IBM Flex System X240 M4 Firmware +25
NVD
CVSS 3.0
4.9
EPSS
0.7%
CVE-2018-9068 HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM Flex System X240 M4 Firmware Flex System X240 M5 Firmware +35
NVD
CVSS 3.0
7.5
EPSS
1.1%
EPSS 0% CVSS 6.4
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Lenovo IBM +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware +36
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Bladecenter Hs23 Firmware +3
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation +27
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM +37
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy