CVE-2015-3323

Published: Apr 16, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

Affected (1)

Products: Lenovo: Thinkserver System Manager Baseboard Management Controller Firmware

Lenovo

1 product

Thinkserver System Manager Baseboard Management Controller Firmware

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver System Manager Baseboard Management Controller Firmware	Up to 118.71532.

Running on/with	Platform Versions
Lenovo Thinkserver Rd350	All versions
Lenovo Thinkserver Rd450	All versions
Lenovo Thinkserver Rd550	All versions
Lenovo Thinkserver Rd650	All versions
Lenovo Thinkserver Td350	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://support.lenovo.com/us/en/product_security/tsm_weak_pw

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/74197

Source: cve@mitre.org

http://support.lenovo.com/us/en/product_security/tsm_weak_pw

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/74197

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.