6.5
CVE-2017-3744
- EPSS 0.26%
- Published 20.06.2017 00:29:00
- Last modified 20.04.2025 01:37:25
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Integrated Management Module Firmware Version <= 4.9
Lenovo ≫ Flex System X240 M4 Version-
Lenovo ≫ Flex System X240 M5 Version-
Lenovo ≫ Flex System X280 X6 Version-
Lenovo ≫ Flex System X440 M4 Version-
Lenovo ≫ Flex System X480 X6 Version-
Lenovo ≫ Flex System X880 Version-
Lenovo ≫ Nextscale Nx360 M5 Version-
Lenovo ≫ System X3250 M6 Version-
Lenovo ≫ System X3500 M5 Version-
Lenovo ≫ System X3550 M5 Version-
Lenovo ≫ System X3650 M5 Version-
Lenovo ≫ System X3750 M4 Version-
Lenovo ≫ System X3850 X6 Version-
Lenovo ≫ System X3950 X6 Version-
Lenovo ≫ Thinkagile Cx2200 Version-
Lenovo ≫ Thinkagile Cx4200 Version-
Lenovo ≫ Thinkagile Cx4600 Version-
Lenovo ≫ Flex System X240 M5 Version-
Lenovo ≫ Flex System X280 X6 Version-
Lenovo ≫ Flex System X440 M4 Version-
Lenovo ≫ Flex System X480 X6 Version-
Lenovo ≫ Flex System X880 Version-
Lenovo ≫ Nextscale Nx360 M5 Version-
Lenovo ≫ System X3250 M6 Version-
Lenovo ≫ System X3500 M5 Version-
Lenovo ≫ System X3550 M5 Version-
Lenovo ≫ System X3650 M5 Version-
Lenovo ≫ System X3750 M4 Version-
Lenovo ≫ System X3850 X6 Version-
Lenovo ≫ System X3950 X6 Version-
Lenovo ≫ Thinkagile Cx2200 Version-
Lenovo ≫ Thinkagile Cx4200 Version-
Lenovo ≫ Thinkagile Cx4600 Version-
Ibm ≫ Integrated Management Module Firmware Version <= 6.19
Ibm ≫ Bladecenter Hs22 Version-
Ibm ≫ Bladecenter Hs23 Version-
Ibm ≫ Bladecenter Hs23e Version-
Ibm ≫ Flex System X220 M4 Version-
Ibm ≫ Flex System X222 M4 Version-
Ibm ≫ Flex System X240 M4 Version-
Ibm ≫ Flex System X280 M4 Version-
Ibm ≫ Flex System X440 M4 Version-
Ibm ≫ Flex System X480 M4 Version-
Ibm ≫ Flex System X880 M4 Version-
Ibm ≫ Idataplex Dx360 M4 Version-
Ibm ≫ Idataplex Dx360 M4 Water Cooled Version-
Ibm ≫ Nextscale Nx360 M4 Version-
Ibm ≫ System X3100 M4 Version-
Ibm ≫ System X3100 M5 Version-
Ibm ≫ System X3250 M4 Version-
Ibm ≫ System X3250 M5 Version-
Ibm ≫ System X3300 M4 Version-
Ibm ≫ System X3500 M4 Version-
Ibm ≫ System X3530 M4 Version-
Ibm ≫ System X3550 M4 Version-
Ibm ≫ System X3630 M4 Version-
Ibm ≫ System X3650 M4 Version-
Ibm ≫ System X3650 M4 Bd Version-
Ibm ≫ System X3650 M4 Hd Version-
Ibm ≫ System X3750 M4 Version-
Ibm ≫ System X3850 X6 Version-
Ibm ≫ System X3950 X6 Version-
Ibm ≫ Bladecenter Hs23 Version-
Ibm ≫ Bladecenter Hs23e Version-
Ibm ≫ Flex System X220 M4 Version-
Ibm ≫ Flex System X222 M4 Version-
Ibm ≫ Flex System X240 M4 Version-
Ibm ≫ Flex System X280 M4 Version-
Ibm ≫ Flex System X440 M4 Version-
Ibm ≫ Flex System X480 M4 Version-
Ibm ≫ Flex System X880 M4 Version-
Ibm ≫ Idataplex Dx360 M4 Version-
Ibm ≫ Idataplex Dx360 M4 Water Cooled Version-
Ibm ≫ Nextscale Nx360 M4 Version-
Ibm ≫ System X3100 M4 Version-
Ibm ≫ System X3100 M5 Version-
Ibm ≫ System X3250 M4 Version-
Ibm ≫ System X3250 M5 Version-
Ibm ≫ System X3300 M4 Version-
Ibm ≫ System X3500 M4 Version-
Ibm ≫ System X3530 M4 Version-
Ibm ≫ System X3550 M4 Version-
Ibm ≫ System X3630 M4 Version-
Ibm ≫ System X3650 M4 Version-
Ibm ≫ System X3650 M4 Bd Version-
Ibm ≫ System X3650 M4 Hd Version-
Ibm ≫ System X3750 M4 Version-
Ibm ≫ System X3850 X6 Version-
Ibm ≫ System X3950 X6 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.47 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.