CVE-2017-3768

Name of the Vulnerable Software and Affected Versions: Lenovo System x versions prior to 4.4 IBM System x versions prior to 6.4

Description: The issue allows an unprivileged attacker with connectivity to the IMM2 to cause a denial of service attack. This can be achieved by flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by tools such as LXCA and OneCLI. The attack exhausts available system memory, causing the IMM2 to reboot itself until the requests cease.

Recommendations: For Lenovo System x versions prior to 4.4, update to version 4.4 or later to resolve the issue. For IBM System x versions prior to 6.4, update to version 6.4 or later to resolve the issue.