CVE-2017-3774

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*

Information

Published : 2018-04-19 07:29

Updated : 2018-05-24 09:27


NVD link : CVE-2017-3774

Mitre link : CVE-2017-3774


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

ibm

  • system_x3100_m4
  • system_x3250_m4
  • idataplex_dx360_m4_water_cooled
  • system_x3250_m5
  • flex_system_x480_m4
  • system_x3550_m4
  • bladecenter_hs23
  • system_x3500_m4
  • nextscale_nx360_m4
  • flex_system_x880_m4
  • flex_system_x280_m4
  • bladecenter_hs23e
  • flex_system_x222_m4
  • system_x3100_m5
  • flex_system_x240_m4
  • system_x3650_m4
  • system_x3300_m4
  • system_x3950_x6
  • system_x3650_m4_bd
  • flex_system_x440_m4
  • system_x3650_m4_hd
  • idataplex_dx360_m4
  • system_x3530_m4
  • system_x3630_m4
  • bladecenter_hs22
  • flex_system_x220_m4
  • system_x3750_m4
  • system_x3850_x6

lenovo

  • flex_system_x880
  • system_x3650_m5
  • system_x3850_x6
  • flex_system_x280_x6
  • system_x3550_m5
  • nextscale_nx360_m5
  • flex_system_x440_m4
  • system_x3500_m5
  • flex_system_x240_m4
  • system_x3750_m4
  • system_x3250_m6
  • flex_system_x240_m5
  • flex_system_x480_x6
  • system_x3950_x6
  • integrated_management_module_2