{"containers": {"cna": {"affected": [{"product": "Lenovo System x IMM2", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"}]}], "datePublic": "2017-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."}], "problemTypes": [{"descriptions": [{"description": "Disclosure of login credentials to user with local privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-19T23:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/product_security/LEN-14054"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2017-3744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lenovo System x IMM2", "version": {"version_data": [{"version_value": "Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Disclosure of login credentials to user with local privileges"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/product_security/LEN-14054", "refsource": "CONFIRM", "url": "https://support.lenovo.com/product_security/LEN-14054"}]}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3744", "datePublished": "2017-06-20T00:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2017-06-19T23:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:integrated_management_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CA6D55A-5391-4B6F-A399-A0449A1EBD8B", "versionEndIncluding": "4.9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*", "matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_cx2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEA2F515-2E29-4478-AE61-9C513CC6901B", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC339542-79DA-45AB-B488-C99D1FEB8359", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_cx4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "987FB06B-F349-48D5-B46C-CF23BD6B6811", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "740F81FC-AD9F-4AA0-9A32-7363363B7AEC", "versionEndIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*", "matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands."}, {"lang": "es", "value": "En el firmware IMM2 de los servidores Lenovo System x, los comandos remotos enviados por LXCA u otras utilidades pueden ser capturados en el registro del servicio First Failure Data Capture (FFDC) si el registro del servicio se genera cuando ese comando remoto est\u00e1 en ejecuci\u00f3n. Los datos de comando capturados podr\u00edan contener informaci\u00f3n de inicio de sesi\u00f3n en texto claro. Los usuarios autorizados que pueden capturar y exportar datos de registro del servicio FFDC podr\u00edan tener acceso a estos comandos remotos."}], "id": "CVE-2017-3744", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-20T00:29:00.330", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/product_security/LEN-14054"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}