System x
by Lenovo
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11679 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2025 | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory. | ||
| CVE-2024-33975 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in… | |||
| CVE-2020-8332 | 0.00 | — | 0.00 | Oct 14, 2020 | A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. | |||
| CVE-2019-6159 | 0.00 | — | 0.01 | Aug 19, 2019 | A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM… | |||
| CVE-2019-6157 | 0.00 | — | 0.01 | Apr 22, 2019 | In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | |||
| CVE-2018-9085 | 0.00 | — | 0.01 | Nov 16, 2018 | A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash… |
- risk 0.29cvss 4.4epss 0.00
An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.
- CVE-2024-33975Aug 6, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in…
- CVE-2020-8332Oct 14, 2020risk 0.00cvss —epss 0.00
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
- CVE-2019-6159Aug 19, 2019risk 0.00cvss —epss 0.01
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM…
- CVE-2019-6157Apr 22, 2019risk 0.00cvss —epss 0.01
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
- CVE-2018-9085Nov 16, 2018risk 0.00cvss —epss 0.01
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash…