cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-8332,https://securityvulnerability.io/vulnerability/CVE-2020-8332,Arbitrary Code Execution in Legacy USB Drivers for Lenovo and IBM Servers,"A vulnerability exists in the SMI callback function utilized by the USB drivers in legacy BIOS mode on certain Lenovo and IBM System x servers. This flaw could potentially allow an attacker to execute arbitrary code, thereby compromising the affected systems. It's important to note that servers operating in UEFI mode are not subject to this vulnerability.",Lenovo,System X,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-14T21:25:19.000Z,0
CVE-2020-8340,https://securityvulnerability.io/vulnerability/CVE-2020-8340,Cross-Site Scripting Vulnerability in IBM and Lenovo System x IMM2,"A cross-site scripting (XSS) vulnerability was identified in the embedded Baseboard Management Controller (BMC) web interface of IBM and Lenovo System x IMM2, prior to version 5.60. This issue can potentially allow an attacker to execute malicious JavaScript code in a victim's web browser by convincing them to access a specially crafted URL, which may be delivered through phishing tactics. The risk of successful exploitation is contingent upon the attacker possessing specific knowledge related to the user’s network, and the affected user's access rights and authentication status. Notably, the JavaScript is executed in the user's environment and does not affect the IMM2 system itself.",Lenovo,"System X Imm2 Firmware For: X240, Machine Types: 7162, 2588; X440, Machine Type 7167, 2590 ; X3750 M4, Machine Type: 8753 ; X3250 M6, Machine Type 3633, 3943 ; Nx360 M5, Machine Type 5465, 5467 ; X280/x480/x880 X6 , Machine Type 7196, 4258 ; X3850 X6 And X3950 X6, Machine Type 6241 ; X3550 M5, Machine Type 5463, 8869 ; X3650 M5, Machine Type 5462, 8871; X3500 M5, Machine Type 5464, 5478,System X Imm2 Firmware For X240 M5, Machine Types: 9532, 2591,System X Imm2 Firmware",6.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-09-15T00:00:00.000Z,0
CVE-2019-6157,https://securityvulnerability.io/vulnerability/CVE-2019-6157,Vulnerability in Lenovo System x Integrated Management Module II,"An information disclosure vulnerability exists in the Integrated Management Module II of Lenovo System x. This issue arises from the first failure data capture (FFDC) process, which inadvertently includes the web server's private key in the log files generated for support. This means that sensitive cryptographic material could be exposed, potentially allowing unauthorized access or communication interception implicating the security of the affected systems.",Lenovo,System X,6.5,MEDIUM,0.00203999993391335,false,,false,false,false,,,false,false,,2019-04-18T00:00:00.000Z,0
CVE-2018-9085,https://securityvulnerability.io/vulnerability/CVE-2018-9085,Missing System x Flash Memory Write Protection Lock Bit,"A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.",Lenovo,System X Uefi,4.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2018-11-16T14:00:00.000Z,0
CVE-2018-9068,https://securityvulnerability.io/vulnerability/CVE-2018-9068,,"The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.",Lenovo,System X Imm2,7.5,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2018-07-26T00:00:00.000Z,0
CVE-2017-3775,https://securityvulnerability.io/vulnerability/CVE-2017-3775,,"Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.",Lenovo,Some Lenovo Flex System And Lenovo System X Products,6.4,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2018-05-04T17:29:00.000Z,0
CVE-2017-3744,https://securityvulnerability.io/vulnerability/CVE-2017-3744,,"In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.",Lenovo,Lenovo System X Imm2,6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2017-06-20T00:00:00.000Z,0
CVE-2016-8226,https://securityvulnerability.io/vulnerability/CVE-2016-8226,,"The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.",Lenovo,"System X M5, M6, And X6 BiOS",4.9,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2017-01-26T17:00:00.000Z,0