CVE-2019-6157 MEDIUM

CVE-2019-6157

Vendor Lenovo
Product System x
Published April 22, 2019
Last update September 17, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
September 17, 2024 Record updated