Sign-up

ID

VAR-201804-0270


CVE

CVE-2014-0881


TITLE

Integrated Management Module II Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008613

DESCRIPTION

The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. Integrated Management Module II (IMM2) Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 91146 It is released as.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. IBM Flex System x222 servers is a x222 series blade server of IBM Corporation in the United States

Trust: 1.71

sources: NVD: CVE-2014-0881 // JVNDB: JVNDB-2014-008613 // VULHUB: VHN-68374

AFFECTED PRODUCTS

vendor:ibmmodel:integrated management modulescope:lteversion:3.56

Trust: 1.0

vendor:ibmmodel:integrated management modulescope:gteversion:1.00

Trust: 1.0

vendor:ibmmodel:integrated management modulescope: - version: -

Trust: 0.8

vendor:ibmmodel:integrated management modulescope:eqversion:1.43

Trust: 0.6

vendor:ibmmodel:integrated management modulescope:eqversion:1.36

Trust: 0.6

sources: JVNDB: JVNDB-2014-008613 // CNNVD: CNNVD-201804-1435 // NVD: CVE-2014-0881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0881
value: HIGH

Trust: 1.0

NVD: CVE-2014-0881
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-1435
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68374
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0881
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68374
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-0881
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-68374 // JVNDB: JVNDB-2014-008613 // CNNVD: CNNVD-201804-1435 // NVD: CVE-2014-0881

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-68374 // JVNDB: JVNDB-2014-008613 // NVD: CVE-2014-0881

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1435

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-1435

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008613

PATCH
title:CVE-2014-0881url:https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/
Trust: 0.8
title:MIGR-5094725url:https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725
Trust: 0.8
title:IBM Flex System x222 servers IMM2 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79704
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-008613 // 
            
            
            
            CNNVD: CNNVD-201804-1435

EXTERNAL IDS
db:NVDid:CVE-2014-0881
Trust: 2.5
db:JVNDBid:JVNDB-2014-008613
Trust: 0.8
db:CNNVDid:CNNVD-201804-1435
Trust: 0.7
db:VULHUBid:VHN-68374
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68374 // 
            
            
            
            JVNDB: JVNDB-2014-008613 // 
            
            
            
            CNNVD: CNNVD-201804-1435 // 
            
            
            
            NVD: CVE-2014-0881

REFERENCES
url:https://support.lenovo.com/us/en/solutions/ht114524
Trust: 1.7
url:https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/
Trust: 1.7
url:https://www.ibm.com/support/home/docdisplay?lndocid=migr-5094725
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0881
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-0881
Trust: 0.8
sources:
            
            
            VULHUB: VHN-68374 // 
            
            
            
            JVNDB: JVNDB-2014-008613 // 
            
            
            
            CNNVD: CNNVD-201804-1435 // 
            
            
            
            NVD: CVE-2014-0881

SOURCES
db:VULHUBid:VHN-68374
db:JVNDBid:JVNDB-2014-008613
db:CNNVDid:CNNVD-201804-1435
db:NVDid:CVE-2014-0881

LAST UPDATE DATE
2024-11-23T22:17:36.396000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68374date:2018-06-04T00:00:00
db:JVNDBid:JVNDB-2014-008613date:2018-06-22T00:00:00
db:CNNVDid:CNNVD-201804-1435date:2018-04-26T00:00:00
db:NVDid:CVE-2014-0881date:2024-11-21T02:02:58.203

SOURCES RELEASE DATE
db:VULHUBid:VHN-68374date:2018-04-25T00:00:00
db:JVNDBid:JVNDB-2014-008613date:2018-06-22T00:00:00
db:CNNVDid:CNNVD-201804-1435date:2018-04-26T00:00:00
db:NVDid:CVE-2014-0881date:2018-04-25T20:29:00.370