CVE-2018-9068

Name of the Vulnerable Software and Affected Versions Lenovo System x versions prior to 4.90 IBM System x versions prior to 6.80

Description The issue concerns the IMM2 First Failure Data Capture function, which collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server. In affected versions, the credentials to access the SFTP server are hard-coded, allowing an attacker with management network access to obtain the collected data.

Recommendations For Lenovo System x versions prior to 4.90, update to version 4.90 or later to generate random SFTP credentials. For IBM System x versions prior to 6.80, update to version 6.80 or later to generate random SFTP credentials.