A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
                
            References
                    | Link | Resource | 
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-19586 | Vendor Advisory | 
| https://support.lenovo.com/us/en/product_security/LEN-19586 | Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
History
                    No history.
Information
                Published : 2018-04-19 14:29
Updated : 2024-11-21 03:26
NVD link : CVE-2017-3774
Mitre link : CVE-2017-3774
CVE.ORG link : CVE-2017-3774
JSON object : View
Products Affected
                lenovo
- flex_system_x280_x6
- system_x3500_m5
- flex_system_x240_m5
- flex_system_x240_m4
- nextscale_nx360_m5
- system_x3250_m6
- system_x3750_m4
- flex_system_x880
- flex_system_x440_m4
- system_x3950_x6
- integrated_management_module_2
- flex_system_x480_x6
- system_x3850_x6
- system_x3550_m5
- system_x3650_m5
ibm
- bladecenter_hs22
- system_x3300_m4
- system_x3750_m4
- idataplex_dx360_m4
- flex_system_x880_m4
- system_x3250_m4
- flex_system_x440_m4
- system_x3630_m4
- system_x3650_m4_bd
- idataplex_dx360_m4_water_cooled
- system_x3550_m4
- system_x3950_x6
- system_x3650_m4_hd
- bladecenter_hs23
- system_x3530_m4
- system_x3500_m4
- system_x3100_m5
- nextscale_nx360_m4
- system_x3850_x6
- bladecenter_hs23e
- flex_system_x280_m4
- flex_system_x480_m4
- flex_system_x220_m4
- flex_system_x222_m4
- system_x3100_m4
- system_x3250_m5
- system_x3650_m4
- flex_system_x240_m4
CWE
                
                    
                        
                        CWE-119
                        
            Improper Restriction of Operations within the Bounds of a Memory Buffer
