Merge pull request #1927 from lenpsirt/Lenovo_4-18-19_Advisories

4-18-19 Advisories
2025-08-04 08:44:25 +00:00 · 2019-04-22 11:21:34 -04:00 · 2019-04-22 11:21:34 -04:00 · 5fe50c8d03
commit 5fe50c8d03
parent 93ca5f1ebe fc98cba3f2
2 changed files with 168 additions and 30 deletions
--- a/2019/6xxx/CVE-2019-6155.json
+++ b/2019/6xxx/CVE-2019-6155.json
@ -1,18 +1,92 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-6155",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "psirt@lenovo.com",
+      "DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
+      "ID": "CVE-2019-6155",
+      "STATE": "PUBLIC"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "System x BIOS",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "various"
+                              }
+                           ]
+                        }
+                     },
+                     {
+                        "product_name": "BladeCenter BIOS",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "various"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "IBM"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."
+         }
+      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "HIGH",
+         "attackVector": "LOCAL",
+         "availabilityImpact": "HIGH",
+         "baseScore": 4.1,
+         "baseSeverity": "MEDIUM",
+         "confidentialityImpact": "NONE",
+         "integrityImpact": "NONE",
+         "privilegesRequired": "HIGH",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Denial of service"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "CONFIRM",
+            "url": "https://support.lenovo.com/solutions/LEN-25165"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "LEN-25165",
+      "discovery": "UNKNOWN"
+   }
+}
--- a/2019/6xxx/CVE-2019-6157.json
+++ b/2019/6xxx/CVE-2019-6157.json
@ -1,18 +1,82 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-6157",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "psirt@lenovo.com",
+      "DATE_PUBLIC": "2019-04-18T16:00:00.000Z",
+      "ID": "CVE-2019-6157",
+      "STATE": "PUBLIC"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "System x",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "various"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Lenovo"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support."
+         }
+      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "NONE",
+         "baseScore": 6.5,
+         "baseSeverity": "MEDIUM",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "HIGH",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Information disclosure"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "CONFIRM",
+            "url": "https://support.lenovo.com/solutions/LEN-25667"
+         }
+      ]
+   },
+   "source": {
+      "advisory": "LEN-25667",
+      "discovery": "UNKNOWN"
+   }
+}