Lenovo stated in 2015 that both systems will be retired, but security upgrades would be provided for another five years.
Lenovo stated that two legacy IBM System x server models that were discontinued in 2019 are vulnerable to attack and will not receive security fixes. However, the firm is providing a workaround mitigation solution.
Both the IBM System x 3550 M3 and IBM System x 3650 M3 are vulnerable to command injection attacks. An attacker can use a vulnerable programme called Integrated Management Module to execute arbitrary instructions on either server model's operating system (IMM).
IMM performs system management functions. Serial and Ethernet connections on the back panel of System x models use the IMM for device management.
According to a Lenovo advisory published Tuesday, the flaw is in the IMM firmware code and “could allow the execution of operating system commands over an authenticated SSH or Telnet session ...
Copyright of this story solely belongs to ehackingnews.com . To see the full text click HERE