IMM2 FFDC includes Private Key

IMM2 FFDC includes Private Key

IMM2 FFDC includes Private Key

Lenovo Security Advisory: LEN-25667

Potential Impact: Information disclosure

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2019-6157

 

Summary Description:

In Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

Upgrade to the firmware version (or newer) indicated for your model in the Product Impact section below.

 

Product Impact:

System x -Lenovo

System x (IBM)

 

Revision History:

Revision Date Description
2 2019-04-22 Corrected severity from High to Medium
1 2019-04-19 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Product Impact:

System x -Lenovo

Update to Integrated Management Module 2 (IMM2) v5.30 or higher for the following products:

Flex System x240 M4
Flex System x240 M5
Flex System x280 X6
Flex System x440 M4
Flex System x480 X6
Flex System x880
NeXtScale nx360 M5
System x3250 M6
System x3500 M5
System x3550 M5 (ThinkAgile CX2200/4200/4600)
System x3650 M5
System x3750 M4
System x3850 X6
System x3950 X6

 

System x (IBM)

Update to Integrated Management Module 2 (IMM2) v7.20, 1AOO88B or higher for the following products:

BladeCenter HS22
BladeCenter HS23
BladeCenter HS23E
Flex System x220 M4
Flex System x222 M4
Flex System x240 M4
Flex System x280 M4
Flex System x440 M4
Flex System x480 M4
Flex System x880 M4
iDataPlex dx360 M4
iDataPlex dx360 M4 Water Cooled
NeXtScale nx360 M4
System x3100 M4
System x3100 M5
System x3250 M4
System x3250 M5
System x3300 M4
System x3500 M4
System x3530 M4
System x3550 M4
System x3630 M4
System x3650 M4
System x3650 M4 BD
System x3650 M4 HD
System x3750 M4
System x3850 X6
System x3950 X6

 

 


Alias Id:LEN-25667
Document ID:PS500234
Original Publish Date:04/17/2019
Last Modified Date:04/22/2019