A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/product_security/LEN-19586 | Vendor Advisory |
https://support.lenovo.com/us/en/product_security/LEN-19586 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 03:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.lenovo.com/us/en/product_security/LEN-19586 - Vendor Advisory |
Information
Published : 2018-04-19 14:29
Updated : 2024-11-21 03:26
NVD link : CVE-2017-3774
Mitre link : CVE-2017-3774
CVE.ORG link : CVE-2017-3774
JSON object : View
Products Affected
ibm
- bladecenter_hs22
- system_x3250_m5
- system_x3850_x6
- flex_system_x222_m4
- system_x3750_m4
- flex_system_x220_m4
- idataplex_dx360_m4
- flex_system_x280_m4
- system_x3300_m4
- system_x3630_m4
- system_x3650_m4_bd
- system_x3530_m4
- flex_system_x440_m4
- system_x3650_m4
- bladecenter_hs23
- system_x3100_m4
- system_x3100_m5
- system_x3550_m4
- flex_system_x880_m4
- nextscale_nx360_m4
- system_x3650_m4_hd
- flex_system_x480_m4
- idataplex_dx360_m4_water_cooled
- system_x3250_m4
- system_x3500_m4
- bladecenter_hs23e
- flex_system_x240_m4
- system_x3950_x6
lenovo
- flex_system_x880
- system_x3650_m5
- nextscale_nx360_m5
- flex_system_x280_x6
- system_x3550_m5
- integrated_management_module_2
- system_x3950_x6
- flex_system_x240_m4
- system_x3500_m5
- system_x3850_x6
- flex_system_x240_m5
- system_x3750_m4
- flex_system_x480_x6
- flex_system_x440_m4
- system_x3250_m6
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer