CVE-2021-3723 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	System X3550 M3 Firmware	All versions
Ibm	System X3550 M3	-
Ibm	System X3650 M3 Firmware	All versions
Ibm	System X3650 M3	-

Related Weaknesses (CWE)

CWE-78

References

https://support.lenovo.com/us/en/product_security/LEN-66347Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-66347Third Party Advisory

FAQ

What is CVE-2021-3723?

CVE-2021-3723 is a vulnerability with a CVSS score of 7.2 (HIGH). A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating sys...

How severe is CVE-2021-3723?

CVE-2021-3723 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3723?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm System X3550 M3 Firmware, Ibm System X3550 M3, Ibm System X3650 M3 Firmware, Ibm System X3650 M3.