CVE-2015-3324

ThinkServer System Manager <1.27.73476 - Man-in-the-middle

Title source: llm
STIX 2.1

Description

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74199
Patch, Vendor Advisory x_refsource_confirm
http://support.lenovo.com/us/en/product_security/tsm_weak_pw

Scores

EPSS 0.0014
EPSS Percentile 33.2%

Details

CWE
CWE-310
Status published
Products (1)
lenovo/thinkserver_system_manager_baseboard_management_controller_firmware 118.71532
Published Apr 16, 2015
Tracked Since Feb 18, 2026