Exposure of Private Key in Lenovo System x IMM2 Firmware FFDC Log

Exposure of Private Key in Lenovo System x IMM2 Firmware FFDC Log

CVE-2019-6157 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.

Learn more about our Web App Pen Testing.