CVE-2021-3723

Description

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.

Remediation

Workaround:

  • Lenovo has ended support for legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers as of December 31, 2019, therefore Lenovo recommends discontinuation of use. If it is not feasible to discontinue use of these systems, Lenovo recommends customers:
      • Disable SSH and Telnet (this can be done in the Security and Network Protocol sections of the navigation pane after logging into the IMM web interface)
      • Change the default Administrator password during initial configuration
      • Enforce strong passwords
      • Only grant access to trusted administrators

Category

CVSS: 7.2
Severity: High
EPSS 1.20% Top 25%
Third-Party Advisory lenovo.com
Affected: IBM IBM System x 3550 M3
Affected: IBM IBM System x 3650 M3

References

Frequently Asked Questions

What is the severity of CVE-2021-3723?
CVE-2021-3723 has been scored as a high severity vulnerability.
How to fix CVE-2021-3723?
As a workaround for remediating CVE-2021-3723: Lenovo has ended support for legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers as of December 31, 2019, therefore Lenovo recommends discontinuation of use. If it is not feasible to discontinue use of these systems, Lenovo recommends customers:
  • Disable SSH and Telnet (this can be done in the Security and Network Protocol sections of the navigation pane after logging into the IMM web interface)
  • Change the default Administrator password during initial configuration
  • Enforce strong passwords
  • Only grant access to trusted administrators
Is CVE-2021-3723 being actively exploited in the wild?
It is possible that CVE-2021-3723 is being exploited or will be exploited in the near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-3723?
CVE-2021-3723 affects IBM System x 3550 M3 and IBM System x 3650 M3.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.