cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-8340,https://securityvulnerability.io/vulnerability/CVE-2020-8340,Cross-Site Scripting Vulnerability in IBM and Lenovo System x IMM2,"A cross-site scripting (XSS) vulnerability was identified in the embedded Baseboard Management Controller (BMC) web interface of IBM and Lenovo System x IMM2, prior to version 5.60. This issue can potentially allow an attacker to execute malicious JavaScript code in a victim's web browser by convincing them to access a specially crafted URL, which may be delivered through phishing tactics. The risk of successful exploitation is contingent upon the attacker possessing specific knowledge related to the user’s network, and the affected user's access rights and authentication status. Notably, the JavaScript is executed in the user's environment and does not affect the IMM2 system itself.",Lenovo,"System X Imm2 Firmware For: X240, Machine Types: 7162, 2588; X440, Machine Type 7167, 2590 ; X3750 M4, Machine Type: 8753 ; X3250 M6, Machine Type 3633, 3943 ; Nx360 M5, Machine Type 5465, 5467 ; X280/x480/x880 X6 , Machine Type 7196, 4258 ; X3850 X6 And X3950 X6, Machine Type 6241 ; X3550 M5, Machine Type 5463, 8869 ; X3650 M5, Machine Type 5462, 8871; X3500 M5, Machine Type 5464, 5478,System X Imm2 Firmware For X240 M5, Machine Types: 9532, 2591,System X Imm2 Firmware",6.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-09-15T00:00:00.000Z,0
CVE-2018-9068,https://securityvulnerability.io/vulnerability/CVE-2018-9068,,"The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface.
In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.",Lenovo,System X Imm2,7.5,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2018-07-26T00:00:00.000Z,0
CVE-2017-3744,https://securityvulnerability.io/vulnerability/CVE-2017-3744,,"In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.",Lenovo,Lenovo System X Imm2,6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2017-06-20T00:00:00.000Z,0