PT-2018-13405 · Ibm · System Management Module
Published
2018-11-27
·
Updated
2019-10-03
·
CVE-2018-16092
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
System Management Module (SMM) versions prior to 1.06
Description
The issue concerns the collection of sensitive information by the FFDC feature in the SMM. This feature collects SMM system files, which include SMM user account credentials and the system shadow file, thus potentially exposing sensitive data.
Recommendations
For versions prior to 1.06, consider disabling the FFDC feature until a patch is available to prevent the collection of sensitive information.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
System Management Module