Search
Find a vulnerability
Search criteria
2 vulnerabilities found for flex_system_x280_x6_firmware by ibm
CVE-2018-9085 (GCVE-0-2018-9085)
Vulnerability from nvd – Published: 2018-11-16 14:00 – Updated: 2024-08-05 07:17
VLAI
EPSS
VEX
Title
Missing System x Flash Memory Write Protection Lock Bit
Summary
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24477 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | System x UEFI |
Affected:
unspecified , < varies
(custom)
|
|
| IBM | System x UEFI |
Affected:
unspecified , < varies
(custom)
|
Date Public
2018-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x UEFI",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "System x UEFI",
"vendor": "IBM",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T13:57:01.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"solutions": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
},
"title": "Missing System x Flash Memory Write Protection Lock Bit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9085",
"STATE": "PUBLIC",
"TITLE": "Missing System x Flash Memory Write Protection Lock Bit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "Lenovo"
},
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24477",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9085",
"datePublished": "2018-11-16T14:00:00.000Z",
"dateReserved": "2018-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:50.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9085 (GCVE-0-2018-9085)
Vulnerability from cvelistv5 – Published: 2018-11-16 14:00 – Updated: 2024-08-05 07:17
VLAI
EPSS
VEX
Title
Missing System x Flash Memory Write Protection Lock Bit
Summary
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24477 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | System x UEFI |
Affected:
unspecified , < varies
(custom)
|
|
| IBM | System x UEFI |
Affected:
unspecified , < varies
(custom)
|
Date Public
2018-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x UEFI",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "System x UEFI",
"vendor": "IBM",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T13:57:01.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"solutions": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
},
"title": "Missing System x Flash Memory Write Protection Lock Bit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9085",
"STATE": "PUBLIC",
"TITLE": "Missing System x Flash Memory Write Protection Lock Bit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "Lenovo"
},
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24477",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9085",
"datePublished": "2018-11-16T14:00:00.000Z",
"dateReserved": "2018-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:50.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}