Stack Overflow Vulnerability in Lenovo and IBM Servers' Web Administration Service

Stack Overflow Vulnerability in Lenovo and IBM Servers' Web Administration Service

CVE-2017-3774 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.

Learn more about our Cis Benchmark Audit For Ibm I.