CVE-2014-0882: Infoleak
First published: Wed Apr 25 2018(Updated: )
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Integrated Management Module II Firmware | =3.50 | |
| IBM Integrated Management Module II Firmware | =3.55 | |
| IBM Integrated Management Module II Firmware | =3.56 | |
| IBM Integrated Management Module II Firmware | =3.65 | |
| IBM Integrated Management Module II Firmware | =3.67 | |
| IBM Flex System Manager | ||
| IBM Flex System Manager | ||
| Lenovo Flex System X220 | ||
| IBM Flex System X240 Compute Node | ||
| IBM Flex System X440 Compute Node | ||
| Lenovo Nextscale Nx360 M4 Firmware | ||
| Lenovo iDataplex Dx360 M4 | ||
| Ibm System X3100 M4 Firmware | ||
| IBM System X3250 M4 Firmware | ||
| Lenovo System X3500 M4 Firmware | ||
| Lenovo System X3530 M4 | ||
| Lenovo System X3550 M4 | ||
| Lenovo System X3630 M4 | ||
| IBM System x3650 M4 Firmware | ||
| Lenovo System X3750 M4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.lenovo.com/us/en/solutions/ht114525
- https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/
- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726
Frequently Asked Questions
What is the severity of CVE-2014-0882?
CVE-2014-0882 has been assigned a high severity score due to the potential exposure of sensitive account information.
How do I fix CVE-2014-0882?
To fix CVE-2014-0882, you should update the Integrated Management Module firmware to the latest version provided by IBM.
Who is affected by CVE-2014-0882?
CVE-2014-0882 affects users of IBM Integrated Management Module II firmware versions 3.50, 3.55, 3.56, 3.65, and 3.67.
What type of systems are vulnerable to CVE-2014-0882?
Systems vulnerable to CVE-2014-0882 include IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems.
What information could be exposed due to CVE-2014-0882?
CVE-2014-0882 could allow remote authenticated users to access sensitive account information via generated Service Advisor data.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm integrated management module ii firmware
- version/ibm integrated management module ii firmware/3.50
- version/ibm integrated management module ii firmware/3.55
- version/ibm integrated management module ii firmware/3.56
- version/ibm integrated management module ii firmware/3.65
- version/ibm integrated management module ii firmware/3.67
- canonical/ibm flex system manager
- canonical/lenovo flex system x220
- canonical/ibm flex system x240 compute node
- canonical/ibm flex system x440 compute node
- canonical/lenovo nextscale nx360 m4 firmware
- canonical/lenovo idataplex dx360 m4
- canonical/ibm system x3100 m4 firmware
- canonical/ibm system x3250 m4 firmware
- canonical/lenovo system x3500 m4 firmware
- canonical/lenovo system x3530 m4
- canonical/lenovo system x3550 m4
- canonical/lenovo system x3630 m4
- canonical/ibm system x3650 m4 firmware
- canonical/lenovo system x3750 m4