CVE-2017-3744

Name of the Vulnerable Software and Affected Versions Lenovo System x servers (affected versions not specified)

Description The issue concerns the IMM2 firmware of Lenovo System x servers, where remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log. This can potentially expose clear text login information if the service log is generated while a remote command is running. Authorized users who can capture and export FFDC service log data may gain access to these remote commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.