VYPR

Integrated Management Module Firmware

by Lenovo

CVEs (2)

  • CVE-2017-3768HigJan 26, 2018
    risk 0.49cvss 7.5epss 0.01

    An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common…

  • CVE-2017-3744MedJun 20, 2017
    risk 0.42cvss 6.5epss 0.01

    In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear…