Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Integrated Management Module Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3744 2 Ibm, Lenovo 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
CVE-2014-0882 1 Ibm 16 Flex System Manager 7955, Flex System Manager 8731, Flex System X220 and 13 more 2018-06-04 4.0 MEDIUM 6.5 MEDIUM
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
CVE-2014-0881 1 Ibm 2 Flex System X222, Integrated Management Module Firmware 2018-06-04 5.8 MEDIUM 7.4 HIGH
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
CVE-2014-0860 1 Ibm 6 Advanced Management Module, Advanced Management Module Firmware, Integrated Management Module and 3 more 2017-08-28 5.0 MEDIUM N/A
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.