Dec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by information disclosure vulnerability (CVE-2019-6157)

www.ibm.com
Tags: ibm imm2, information disclosure, vulnerability, cve-2019-6157, lenovo system x, log file, private key, fix central

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low
Percentile: 52.1%

Summary

IBM Integrated Management Module II (IMM2) has addressed the following information disclosure vulnerability.

Vulnerability Details

CVEID: CVE-2019-6157
DESCRIPTION: Lenovo System x could allow a local attacker to obtain sensitive information, caused by private key information being included in a log file in the Integrated Management Module II (IMM2). By accessing the log file, an attacker could exploit this vulnerability to obtain private key information and use it to launch further attacks against the affected system.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159886> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Product | Affected Version
—|—
IBM Integrated Management Module II (IMM2) for System x & Flex Systems | 1AOO
IBM Integrated Management Module II (IMM2) for BladeCenter Systems | 1AOO

Remediation/Fixes

Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/

Product | Fix Version
—|—
IBM Integrated Management Module II (IMM2) for System x & Flex Systems (ibm_fw_imm2_1aoo88b-7.20_anyos_noarch) | 1AOO88B-7.20
IBM Integrated Management Module II (IMM2) for BladeCenter Systems (ibm_fw_imm2_1aoo88b-7.20-bc_anyos_noarch) | 1AOO88B-7.20-bc

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm system_x_idataplex_dx360_m2_server (match: any)
OR
ibm flex_system_manager (match: any)
OR
ibm system_x_idataplex_dx360_m2_server (match: any)
