TPM Misconfiguration in IBM Flex System x222 Servers
CVE-2014-0881

7.4HIGH

Key Information:

Vendor

IBM
Status
Integrated Management Module Firmware
Vendor
CVE Published:
25 April 2018

What is CVE-2014-0881?

The Integrated Management Module II (IMM2) on IBM Flex System x222 servers is susceptible to a misconfiguration of the Trusted Platform Module (TPM). This vulnerability allows remote attackers to exploit the system, potentially leading to unauthorized access to sensitive key information or causing a denial of service. The issue arises specifically in firmware versions 1.00 through 3.56, making it crucial for users to update their systems and review configurations to mitigate potential risks.

References

https://support.lenovo.com/us/en/solutions/ht114524
x_refsource_CONFIRM
https://www.ibm.com/blogs/psirt/security-bulletin-tpm-on-...
x_refsource_CONFIRM
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.