Unrated severityNVD Advisory· Published Apr 16, 2015· Updated May 6, 2026

CVE-2015-3324

Description

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.

Affected products

Lenovo/Thinkserver System Manager Baseboard Management Controller Firmware
cpe:2.3:o:lenovo:thinkserver_system_manager_baseboard_management_controller_firmware:118.71532:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.lenovo.com/us/en/product_security/tsm_weak_pwnvdPatchVendor Advisory
www.securityfocus.com/bid/74199nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000