Exposure of Private Key in Lenovo System x IMM2 Firmware FFDC Log
CVE-2019-6157 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
Learn more about our Web App Pen Testing.