VYPR

System x

by Lenovo

CVEs (6)

  • CVE-2024-11679MedApr 11, 2025
    risk 0.29cvss 4.4epss 0.00

    An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.

  • CVE-2024-33975Aug 6, 2024
    risk 0.00cvss epss 0.00

    Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in…

  • CVE-2020-8332Oct 14, 2020
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

  • CVE-2019-6159Aug 19, 2019
    risk 0.00cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM…

  • CVE-2019-6157Apr 22, 2019
    risk 0.00cvss epss 0.01

    In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.

  • CVE-2018-9085Nov 16, 2018
    risk 0.00cvss epss 0.01

    A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash…