Vulnerability Details CVE-2017-3774
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-3774
-
cpe:2.3:a:lenovo:integrated_management_module_2:*
-
cpe:2.3:a:lenovo:integrated_management_module_2:4.70
-
cpe:2.3:h:ibm:bladecenter_hs22:-
-
cpe:2.3:h:ibm:bladecenter_hs23:-
-
cpe:2.3:h:ibm:bladecenter_hs23e:-
-
cpe:2.3:h:ibm:flex_system_x220_m4:-
-
cpe:2.3:h:ibm:flex_system_x222_m4:-
-
cpe:2.3:h:ibm:flex_system_x240_m4:-
-
cpe:2.3:h:ibm:flex_system_x280_m4:-
-
cpe:2.3:h:ibm:flex_system_x440_m4:-
-
cpe:2.3:h:ibm:flex_system_x480_m4:-
-
cpe:2.3:h:ibm:flex_system_x880_m4:-
-
cpe:2.3:h:ibm:idataplex_dx360_m4:-
-
cpe:2.3:h:ibm:idataplex_dx360_m4_water_cooled:-
-
cpe:2.3:h:ibm:nextscale_nx360_m4:-
-
cpe:2.3:h:ibm:system_x3100_m4:-
-
cpe:2.3:h:ibm:system_x3100_m5:-
-
cpe:2.3:h:ibm:system_x3250_m4:-
-
cpe:2.3:h:ibm:system_x3250_m5:-
-
cpe:2.3:h:ibm:system_x3300_m4:-
-
cpe:2.3:h:ibm:system_x3500_m4:-
-
cpe:2.3:h:ibm:system_x3530_m4:-
-
cpe:2.3:h:ibm:system_x3550_m4:-
-
cpe:2.3:h:ibm:system_x3630_m4:-
-
cpe:2.3:h:ibm:system_x3650_m4:-
-
cpe:2.3:h:ibm:system_x3650_m4_bd:-
-
cpe:2.3:h:ibm:system_x3650_m4_hd:-
-
cpe:2.3:h:ibm:system_x3750_m4:-
-
cpe:2.3:h:ibm:system_x3850_x6:-
-
cpe:2.3:h:ibm:system_x3950_x6:-
-
cpe:2.3:h:lenovo:flex_system_x240_m4:-
-
cpe:2.3:h:lenovo:flex_system_x240_m5:-
-
cpe:2.3:h:lenovo:flex_system_x280_x6:-
-
cpe:2.3:h:lenovo:flex_system_x440_m4:-
-
cpe:2.3:h:lenovo:flex_system_x480_x6:-
-
cpe:2.3:h:lenovo:flex_system_x880:-
-
cpe:2.3:h:lenovo:nextscale_nx360_m5:-
-
cpe:2.3:h:lenovo:system_x3250_m6:-
-
cpe:2.3:h:lenovo:system_x3500_m5:-
-
cpe:2.3:h:lenovo:system_x3550_m5:-
-
cpe:2.3:h:lenovo:system_x3650_m5:-
-
cpe:2.3:h:lenovo:system_x3750_m4:-
-
cpe:2.3:h:lenovo:system_x3850_x6:-
-
cpe:2.3:h:lenovo:system_x3950_x6:-