Account specific information may be present in Service Advisor data (FFDC) on IMM2.
Abstract
Account specific information may be present in Service Advisor
data (FFDC) on IMM2.
Content
Vulnerability Details:
CVE ID: CVE-2014-0882
Description:
There are certain configurations where the generated Service
Advisor data (FFDC) on the IMM2 system may contain specific account
information related to that configuration in the Service Advisor
data.
CVSS Base Score: 4.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91149
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Affected products and versions
- Flex System x220 Compute Node
- Flex System x222 Compute Node
- Flex System x240 Compute Node
- Flex System x440 Compute Node
- Flex System Manager Node, 7955 and
8731
- NeXtScale nx360 M4
- System x3100 M4
- System x3250 M4
- System x3500 M4
- System x3530 M4
- System x3550 M4
- System x3630 M4
- System x3650 M4
- System x3750 M4
- System x iDataPlex dx360 M4
Firmware versions:
- v3.50 1AOO50B
- 3.55 1AOO50E
- 3.56 1AOO50K
- v3.65 1AOO50D
- v3.67 1AOO50G
Remediation:
IBM recommends updating to the following firmware level or
later. Firmware updates are available through IBM Fix Central.
- v3.78 1AOO52Y (Replaces v3.50 1AOO50B,
v3.55 1AOO50E, and v3.56 1AOO50K)
- v3.70 1AOO52Q (Replaces v3.65
1AOO50D)
- v3.71 1AOO52W (Replaces v3.65 1AOO50D for
System x3550 M4)
- v3.74 1AOO52R (Replaces v3.67
1AOO50G)
For Flex System Manager Node, IBM recommends applying the
following fix, available through IBM Fix Central
Workaround(s) & Mitigation(s):
None
References:
Related Information:
IBM
Secure Engineering Web Portal
IBM Product Security
Incident Response Blog
Acknowledgement
None
Change History
28 February 2014: Original Copy Published
* The CVSS Environment Score is customer environment specific
and will ultimately impact the Overall CVSS Score. Customers can
evaluate the impact of this vulnerability in their environments by
accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security
Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an
"industry open standard designed to convey vulnerability severity
and help to determine urgency and priority of response." IBM
PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND,
INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE
IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
References
On
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
System x:Operating system independent / None
PureFlex System and Flex System:Operating system independent / None
Lenovo x86 servers:Operating system independent / None
[{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW341","label":"System x->System x3250 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Product":{"code":"HW94B","label":"PureFlex System and Flex System->x220 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Product":{"code":"HW94C","label":"PureFlex System and Flex System->x222 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94D","label":"Flex System x240 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94E","label":"PureFlex System and Flex System->x440 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX81","label":"System x->System x3500 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX82","label":"System x->System x3530 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX91","label":"System x->System x3550 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA3","label":"System x->System x3650 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA7","label":"System x->NeXtScale nx360 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXC2","label":"Lenovo x86 servers->Lenovo System x3630 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXF6","label":"System x->System x iDataPlex dx360 M4 server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG6","label":"System x->System x3750 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXH1","label":"System x->System x3630 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXK0","label":"System x->System x3100 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXX0","label":"Lenovo x86 servers->Lenovo System x3500 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXX2","label":"Lenovo x86 servers->Lenovo System x3650 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]