Security News > 2021 > September > No Patch for High-Severity Bug in Legacy IBM System X Servers

No Patch for High-Severity Bug in Legacy IBM System X Servers
2021-09-15 19:01

Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo.

The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to command injection attacks.

The bug allows an adversary to execute arbitrary commands on either server model's operating system via a vulnerable application called Integrated Management Module.

On the back panel of System x models, serial and Ethernet connectors use the IMM for device management.

Both the System x 3550 M3 and System x 3650 M3 were introduced April 5, 2011 as midsized businesses solutions.

According to the Lenovo security bulletin, software and security support for System x 3550 and 3650 ended December 31, 2019.


News URL

https://threatpost.com/no-patch-for-ibm-system-x-servers/169491/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
IBM 1282 1496 3801 882 478 6657
X 24 3 31 7 7 48