Sign-up

ID

VAR-201804-0271


CVE

CVE-2014-0882


TITLE

Integrated Management Module II Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2014-008614

DESCRIPTION

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149. Integrated Management Module II (IMM2) Contains an information disclosure vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 91149 It is released as.Information may be obtained. IBMFlexSystemx220ComputeNode and so on are different series of server devices from IBM Corporation of the United States. IntegratedManagementModuleII (IMM2) is one of the integrated management modules. There are security vulnerabilities in IMM2 in several IBM products. A remote attacker can exploit this vulnerability to obtain sensitive account information. IBM Flex System x220 Compute Node, etc. The following products are affected: IBM Flex System x220 Compute Node; Flex System x222 Compute Node; Flex System x240 Compute Node; Flex System x440 Compute Node; Flex System Manager Node 7955 and 8731; NeXtScale nx360 M4; System x3500 M4; System x3530 M4; System x3550 M4; System x3630 M4; System x3650 M4; System x3750 M4; System x iDataPlex dx360 M4. The following firmware versions are affected: Version 3.50 1AOO50B, Version 3.55 1AOO50E, Version 3.56 1AOO50K, Version 3.65 1AOO50D, Version 3.67 1AOO50G

Trust: 2.25

sources: NVD: CVE-2014-0882 // JVNDB: JVNDB-2014-008614 // CNVD: CNVD-2018-09164 // VULHUB: VHN-68375

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09164

AFFECTED PRODUCTS

vendor:ibmmodel:integrated management modulescope:eqversion:3.65

Trust: 1.6

vendor:ibmmodel:integrated management modulescope:eqversion:3.56

Trust: 1.6

vendor:ibmmodel:integrated management modulescope:eqversion:3.55

Trust: 1.6

vendor:ibmmodel:integrated management modulescope:eqversion:3.67

Trust: 1.6

vendor:ibmmodel:integrated management modulescope:eqversion:3.50

Trust: 1.6

vendor:ibmmodel:integrated management modulescope: - version: -

Trust: 0.8

vendor:ibmmodel:flex system integrated management modulescope:eqversion:2

Trust: 0.6

sources: CNVD: CNVD-2018-09164 // JVNDB: JVNDB-2014-008614 // CNNVD: CNNVD-201804-1434 // NVD: CVE-2014-0882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0882
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0882
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-09164
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-1434
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68375
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0882
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09164
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68375
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-0882
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09164 // VULHUB: VHN-68375 // JVNDB: JVNDB-2014-008614 // CNNVD: CNNVD-201804-1434 // NVD: CVE-2014-0882

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-68375 // JVNDB: JVNDB-2014-008614 // NVD: CVE-2014-0882

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1434

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1434

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008614

PATCH
title:CVE-2014-0882url:https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/
Trust: 0.8
title:MIGR-5094726url:https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726
Trust: 0.8
title:Patches for several IBM product IMM2 information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/128495
Trust: 0.6
title:Multiple IBM product IMM2 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79703
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09164 // 
            
            
            
            JVNDB: JVNDB-2014-008614 // 
            
            
            
            CNNVD: CNNVD-201804-1434

EXTERNAL IDS
db:NVDid:CVE-2014-0882
Trust: 3.1
db:JVNDBid:JVNDB-2014-008614
Trust: 0.8
db:CNNVDid:CNNVD-201804-1434
Trust: 0.7
db:CNVDid:CNVD-2018-09164
Trust: 0.6
db:VULHUBid:VHN-68375
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09164 // 
            
            
            
            VULHUB: VHN-68375 // 
            
            
            
            JVNDB: JVNDB-2014-008614 // 
            
            
            
            CNNVD: CNNVD-201804-1434 // 
            
            
            
            NVD: CVE-2014-0882

REFERENCES
url:https://www.ibm.com/support/home/docdisplay?lndocid=migr-5094726
Trust: 2.3
url:https://support.lenovo.com/us/en/solutions/ht114525
Trust: 1.7
url:https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0882
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-0882
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-09164 // 
            
            
            
            VULHUB: VHN-68375 // 
            
            
            
            JVNDB: JVNDB-2014-008614 // 
            
            
            
            CNNVD: CNNVD-201804-1434 // 
            
            
            
            NVD: CVE-2014-0882

SOURCES
db:CNVDid:CNVD-2018-09164
db:VULHUBid:VHN-68375
db:JVNDBid:JVNDB-2014-008614
db:CNNVDid:CNNVD-201804-1434
db:NVDid:CVE-2014-0882

LAST UPDATE DATE
2024-11-23T23:12:13.399000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09164date:2018-05-09T00:00:00
db:VULHUBid:VHN-68375date:2018-06-04T00:00:00
db:JVNDBid:JVNDB-2014-008614date:2018-06-22T00:00:00
db:CNNVDid:CNNVD-201804-1434date:2018-04-26T00:00:00
db:NVDid:CVE-2014-0882date:2024-11-21T02:02:58.330

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09164date:2018-05-09T00:00:00
db:VULHUBid:VHN-68375date:2018-04-25T00:00:00
db:JVNDBid:JVNDB-2014-008614date:2018-06-22T00:00:00
db:CNNVDid:CNNVD-201804-1434date:2018-04-26T00:00:00
db:NVDid:CVE-2014-0882date:2018-04-25T20:29:00.447