CVE-2017-3744

Summary

CVE	CVE-2017-3744
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-06-20 00:29:00 UTC
Updated	2019-10-03 00:03:00 UTC
Description	In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

Risk And Classification

Problem Types: CWE-532

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Ibm	Bladecenter Hs22	-	All	All	All
Hardware	Ibm	Bladecenter Hs22	-	All	All	All
Hardware	Ibm	Bladecenter Hs23	-	All	All	All
Hardware	Ibm	Bladecenter Hs23	-	All	All	All
Hardware	Ibm	Bladecenter Hs23e	-	All	All	All
Hardware	Ibm	Bladecenter Hs23e	-	All	All	All
Hardware	Ibm	Flex System X220 M4	-	All	All	All
Hardware	Ibm	Flex System X220 M4	-	All	All	All
Hardware	Ibm	Flex System X222 M4	-	All	All	All
Hardware	Ibm	Flex System X222 M4	-	All	All	All
Hardware	Ibm	Flex System X240 M4	-	All	All	All
Hardware	Ibm	Flex System X240 M4	-	All	All	All
Hardware	Ibm	Flex System X280 M4	-	All	All	All
Hardware	Ibm	Flex System X280 M4	-	All	All	All
Hardware	Ibm	Flex System X440 M4	-	All	All	All
Hardware	Ibm	Flex System X440 M4	-	All	All	All
Hardware	Ibm	Flex System X480 M4	-	All	All	All
Hardware	Ibm	Flex System X480 M4	-	All	All	All
Hardware	Ibm	Flex System X880 M4	-	All	All	All
Hardware	Ibm	Flex System X880 M4	-	All	All	All
Hardware	Ibm	Idataplex Dx360 M4	-	All	All	All
Hardware	Ibm	Idataplex Dx360 M4	-	All	All	All
Hardware	Ibm	Idataplex Dx360 M4 Water Cooled	-	All	All	All
Hardware	Ibm	Idataplex Dx360 M4 Water Cooled	-	All	All	All
Operating System	Ibm	Integrated Management Module Firmware	All	All	All	All
Hardware	Ibm	Nextscale Nx360 M4	-	All	All	All
Hardware	Ibm	Nextscale Nx360 M4	-	All	All	All
Hardware	Ibm	System X3100 M4	-	All	All	All
Hardware	Ibm	System X3100 M4	-	All	All	All
Hardware	Ibm	System X3100 M5	-	All	All	All
Hardware	Ibm	System X3100 M5	-	All	All	All
Hardware	Ibm	System X3250 M4	-	All	All	All
Hardware	Ibm	System X3250 M4	-	All	All	All
Hardware	Ibm	System X3250 M5	-	All	All	All
Hardware	Ibm	System X3250 M5	-	All	All	All
Hardware	Ibm	System X3300 M4	-	All	All	All
Hardware	Ibm	System X3300 M4	-	All	All	All
Hardware	Ibm	System X3500 M4	-	All	All	All
Hardware	Ibm	System X3500 M4	-	All	All	All
Hardware	Ibm	System X3530 M4	-	All	All	All
Hardware	Ibm	System X3530 M4	-	All	All	All
Hardware	Ibm	System X3550 M4	-	All	All	All
Hardware	Ibm	System X3550 M4	-	All	All	All
Hardware	Ibm	System X3630 M4	-	All	All	All
Hardware	Ibm	System X3630 M4	-	All	All	All
Hardware	Ibm	System X3650 M4	-	All	All	All
Hardware	Ibm	System X3650 M4	-	All	All	All
Hardware	Ibm	System X3650 M4 Bd	-	All	All	All
Hardware	Ibm	System X3650 M4 Bd	-	All	All	All
Hardware	Ibm	System X3650 M4 Hd	-	All	All	All
Hardware	Ibm	System X3650 M4 Hd	-	All	All	All
Hardware	Ibm	System X3750 M4	-	All	All	All
Hardware	Ibm	System X3750 M4	-	All	All	All
Hardware	Ibm	System X3850 X6	-	All	All	All
Hardware	Ibm	System X3850 X6	-	All	All	All
Hardware	Ibm	System X3950 X6	-	All	All	All
Hardware	Ibm	System X3950 X6	-	All	All	All
Hardware	Lenovo	Flex System X240 M4	-	All	All	All
Hardware	Lenovo	Flex System X240 M4	-	All	All	All
Hardware	Lenovo	Flex System X240 M5	-	All	All	All
Hardware	Lenovo	Flex System X240 M5	-	All	All	All
Hardware	Lenovo	Flex System X280 X6	-	All	All	All
Hardware	Lenovo	Flex System X280 X6	-	All	All	All
Hardware	Lenovo	Flex System X440 M4	-	All	All	All
Hardware	Lenovo	Flex System X440 M4	-	All	All	All
Hardware	Lenovo	Flex System X480 X6	-	All	All	All
Hardware	Lenovo	Flex System X480 X6	-	All	All	All
Hardware	Lenovo	Flex System X880	-	All	All	All
Hardware	Lenovo	Flex System X880	-	All	All	All
Operating System	Lenovo	Integrated Management Module Firmware	All	All	All	All
Hardware	Lenovo	Nextscale Nx360 M5	-	All	All	All
Hardware	Lenovo	Nextscale Nx360 M5	-	All	All	All
Hardware	Lenovo	System X3250 M6	-	All	All	All
Hardware	Lenovo	System X3250 M6	-	All	All	All
Hardware	Lenovo	System X3500 M5	-	All	All	All
Hardware	Lenovo	System X3500 M5	-	All	All	All
Hardware	Lenovo	System X3550 M5	-	All	All	All
Hardware	Lenovo	System X3550 M5	-	All	All	All
Hardware	Lenovo	System X3650 M5	-	All	All	All
Hardware	Lenovo	System X3650 M5	-	All	All	All
Hardware	Lenovo	System X3750 M4	-	All	All	All
Hardware	Lenovo	System X3750 M4	-	All	All	All
Hardware	Lenovo	System X3850 X6	-	All	All	All
Hardware	Lenovo	System X3850 X6	-	All	All	All
Hardware	Lenovo	System X3950 X6	-	All	All	All
Hardware	Lenovo	System X3950 X6	-	All	All	All
Hardware	Lenovo	Thinkagile Cx2200	-	All	All	All
Hardware	Lenovo	Thinkagile Cx2200	-	All	All	All
Hardware	Lenovo	Thinkagile Cx4200	-	All	All	All
Hardware	Lenovo	Thinkagile Cx4200	-	All	All	All
Hardware	Lenovo	Thinkagile Cx4600	-	All	All	All
Hardware	Lenovo	Thinkagile Cx4600	-	All	All	All

References

Reference	Source	Link	Tags
Login information processed by the IMM2 may be exposed to local IMM2 users - Lenovo Support US	CONFIRM	support.lenovo.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.