CVE-2019-6157
MEDIUMLenovo Flex System X240 M4 Firmware < 5.30 - Log Information Exposure
Title source: ruleDescription
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-25667
Scores
CVSS v3
6.5
EPSS
0.0030
EPSS Percentile
53.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-532
Status
published
Products (42)
ibm/bladecenter_hs22_firmware
< 7.20
ibm/bladecenter_hs23_firmware
< 7.20
ibm/bladecenter_hs23e_firmware
< 7.20
ibm/flex_system_x220_m4_firmware
< 7.20
ibm/flex_system_x222_m4_firmware
< 7.20
ibm/flex_system_x240_m4_firmware
< 7.20
ibm/flex_system_x280_m4_firmware
< 7.20
ibm/flex_system_x440_m4_firmware
< 7.20
ibm/flex_system_x480_m4_firmware
< 7.20
ibm/flex_system_x880_m4_firmware
< 7.20
... and 32 more
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026