Vulnerability CVE-2014-0882

Vulnerability CVE-2014-0882

Published: 2018-04-25

Description:

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4/10	2.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
IBM -> Integrated management module firmware

References:

https://support.lenovo.com/us/en/solutions/ht114525

https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/

https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726

Vulnerability CVE-2014-0882

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

CWE-200

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

4/10

2.9/10

8/10

Remote

Low

Single time

Partial

None

None

Affected software

References: