{"containers": {"cna": {"affected": [{"product": "IMM2", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Earlier than 4.40"}]}, {"product": "IMM2", "vendor": "IBM", "versions": [{"status": "affected", "version": "Earlier than 6.60"}]}], "datePublic": "2018-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."}], "problemTypes": [{"descriptions": [{"description": "Stack overflow leading to memory corruption", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-19T13:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-19586"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2018-04-12T00:00:00", "ID": "CVE-2017-3774", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IMM2", "version": {"version_data": [{"version_value": "Earlier than 4.40"}]}}]}, "vendor_name": "Lenovo Group Ltd."}, {"product": {"product_data": [{"product_name": "IMM2", "version": {"version_data": [{"version_value": "Earlier than 6.60"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack overflow leading to memory corruption"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-19586", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-19586"}]}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3774", "datePublished": "2018-04-12T00:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2018-04-19T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*", "matchCriteriaId": "0304A99D-9E06-43AA-9D67-195BCA4D10E7", "versionEndExcluding": "4.70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*", "matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5E813F6-4EB2-4E3D-AD4D-7D8EB1BFB71D", "versionEndExcluding": "6.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_hs22:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E9180CC-F795-4B8D-B9BF-37488D352AC0", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*", "matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:bladecenter_hs23e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5F02BE9-BA77-4DC2-AB7A-BF53FE3B7CA0", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x220_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6A0AABD-73B4-4311-9185-643DE173092E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x280_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "828C175A-0B5F-453D-A661-0AD955DB22C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x480_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A17A8F8-F833-4F5E-A0ED-CF01B1ABAA9F", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flex_system_x880_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC450128-EDFE-4BD3-A87F-946EED1E0E39", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "29845B4B-04B8-4685-948F-4DD19C88D7AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C7EABA0-ADB1-4A9B-AB96-FF6BB5720C50", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:nextscale_nx360_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "9642CB05-D7EE-4AFA-A28F-A6E7961A57EA", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3100_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A58320C-8C0B-4819-838A-AE31F9BFC70E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3250_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E3BC19-4A70-4225-91E4-1DAE6C1986E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "967EE555-D0BF-4505-BB9D-0A7A92E94889", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3850_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8ED74FB-C819-4BD9-9986-2588FCC2D308", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:system_x3950_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB4836-D812-4818-AC08-38EABD56F3EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de desbordamiento de pila en el servicio de administraci\u00f3n web en Integrated Management Module 2 (IMM2), en versiones anteriores a la 4.70 empleadas en algunos servidores de Lenovo y en versiones anteriores a la 6.60 empleadas en algunos servidores de IBM. Un atacante que proporcione una combinaci\u00f3n de ID y contrase\u00f1a manipulados puede hacer que una porci\u00f3n de la rutina de autenticaci\u00f3n desborde su pila, lo que provoca una corrupci\u00f3n de la pila."}], "id": "CVE-2017-3774", "lastModified": "2018-05-24T16:27:03.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-19T14:29:00.357", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-19586"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}