CVE-2014-0881
HIGHIBM Integrated Management Module Firmware 1.00-3.56 - Improper Access Control in TPM Configuration
Title source: llmDescription
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/ht114524
Vendor Advisory x_refsource_confirm
https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-the-integrated-management-module-ii-imm2-of-flex-system-x222-compute-node-is-not-configured-correctly-cve-2014-0881/
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094725
Scores
CVSS v3
7.4
EPSS
0.0207
EPSS Percentile
79.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-284
Status
published
Products (1)
ibm/integrated_management_module_firmware
1.00 - 3.56
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026