A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/product_security/LEN-19586 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Information
Published : 2018-04-19 07:29
Updated : 2018-05-24 09:27
NVD link : CVE-2017-3774
Mitre link : CVE-2017-3774
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
ibm
- system_x3100_m4
- system_x3250_m4
- idataplex_dx360_m4_water_cooled
- system_x3250_m5
- flex_system_x480_m4
- system_x3550_m4
- bladecenter_hs23
- system_x3500_m4
- nextscale_nx360_m4
- flex_system_x880_m4
- flex_system_x280_m4
- bladecenter_hs23e
- flex_system_x222_m4
- system_x3100_m5
- flex_system_x240_m4
- system_x3650_m4
- system_x3300_m4
- system_x3950_x6
- system_x3650_m4_bd
- flex_system_x440_m4
- system_x3650_m4_hd
- idataplex_dx360_m4
- system_x3530_m4
- system_x3630_m4
- bladecenter_hs22
- flex_system_x220_m4
- system_x3750_m4
- system_x3850_x6
lenovo
- flex_system_x880
- system_x3650_m5
- system_x3850_x6
- flex_system_x280_x6
- system_x3550_m5
- nextscale_nx360_m5
- flex_system_x440_m4
- system_x3500_m5
- flex_system_x240_m4
- system_x3750_m4
- system_x3250_m6
- flex_system_x240_m5
- flex_system_x480_x6
- system_x3950_x6
- integrated_management_module_2