CVE-2014-0882
MEDIUMIBM Integrated Management Module Firmware - Authenticated Exposure of Sensitive Information via Service Advisor Data
Title source: llmDescription
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/ht114525
Vendor Advisory x_refsource_confirm
https://www.ibm.com/blogs/psirt/security-bulletin-account-specific-information-likely-to-be-present-in-service-advisor-data-ffdc-on-the-integrated-management-module-ii-imm2-cve-2014-0882/
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5094726
Scores
CVSS v3
6.5
EPSS
0.0123
EPSS Percentile
65.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (5)
ibm/integrated_management_module_firmware
3.50
ibm/integrated_management_module_firmware
3.55
ibm/integrated_management_module_firmware
3.56
ibm/integrated_management_module_firmware
3.65
ibm/integrated_management_module_firmware
3.67
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026