Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for System x UEFI by IBM

    CVE-2018-9085 (GCVE-0-2018-9085)

    Vulnerability from nvd – Published: 2018-11-16 14:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Missing System x Flash Memory Write Protection Lock Bit
    Summary
    A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
    Severity
    No CVSS data available.
    CWE
    • Denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System x UEFI Affected: unspecified , < varies (custom)
    Create a notification for this product.
    IBM System x UEFI Affected: unspecified , < varies (custom)
    Create a notification for this product.
    Date Public
    2018-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System x UEFI",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "varies",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "System x UEFI",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "varies",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update UEFI firmware"
            }
          ],
          "source": {
            "advisory": "LEN-24477",
            "discovery": "INTERNAL"
          },
          "title": "Missing System x Flash Memory Write Protection Lock Bit",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9085",
              "STATE": "PUBLIC",
              "TITLE": "Missing System x Flash Memory Write Protection Lock Bit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System x UEFI",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "varies"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System x UEFI",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "varies"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24477",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update UEFI firmware"
              }
            ],
            "source": {
              "advisory": "LEN-24477",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9085",
        "datePublished": "2018-11-16T14:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9085 (GCVE-0-2018-9085)

    Vulnerability from cvelistv5 – Published: 2018-11-16 14:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Missing System x Flash Memory Write Protection Lock Bit
    Summary
    A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
    Severity
    No CVSS data available.
    CWE
    • Denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System x UEFI Affected: unspecified , < varies (custom)
    Create a notification for this product.
    IBM System x UEFI Affected: unspecified , < varies (custom)
    Create a notification for this product.
    Date Public
    2018-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System x UEFI",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "varies",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "System x UEFI",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "varies",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update UEFI firmware"
            }
          ],
          "source": {
            "advisory": "LEN-24477",
            "discovery": "INTERNAL"
          },
          "title": "Missing System x Flash Memory Write Protection Lock Bit",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9085",
              "STATE": "PUBLIC",
              "TITLE": "Missing System x Flash Memory Write Protection Lock Bit"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System x UEFI",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "varies"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System x UEFI",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "varies"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24477",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update UEFI firmware"
              }
            ],
            "source": {
              "advisory": "LEN-24477",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9085",
        "datePublished": "2018-11-16T14:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }