Vulnerabilites related to ibm - bladecenter
cve-2013-4038
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86174 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4038",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2656
Vulnerability from cvelistv5
Published
2010-07-07 18:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/14237/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/41383 | vdb-entry, x_refsource_BID | |
| http://dsecrg.com/pages/vul/show.php?id=154 | x_refsource_MISC | |
| http://osvdb.org/66123 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:38.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"refsource": "OSVDB",
"url": "http://osvdb.org/66123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2656",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:38.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1290
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/502582/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/34447 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1022025 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/53660 | vdb-entry, x_refsource_OSVDB | |
| http://www.louhinetworks.fi/advisory/ibm_090409.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"refsource": "OSVDB",
"url": "http://osvdb.org/53660"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1290",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9085
Vulnerability from cvelistv5
Published
2018-11-16 14:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24477 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo | System x UEFI |
Version: unspecified < varies |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System x UEFI",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "System x UEFI",
"vendor": "IBM",
"versions": [
{
"lessThan": "varies",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"solutions": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
},
"title": "Missing System x Flash Memory Write Protection Lock Bit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9085",
"STATE": "PUBLIC",
"TITLE": "Missing System x Flash Memory Write Protection Lock Bit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "Lenovo"
},
{
"product": {
"product_data": [
{
"product_name": "System x UEFI",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "varies"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24477",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update UEFI firmware"
}
],
"source": {
"advisory": "LEN-24477",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9085",
"datePublished": "2018-11-16T14:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4030
Vulnerability from cvelistv5
Published
2014-01-21 01:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86068 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4030",
"datePublished": "2014-01-21T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3752
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-14078 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99995 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Lenovo and IBM Switch Products |
Version: Various |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14078"
},
{
"name": "99995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo and IBM Switch Products",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Erasure or alteration of routing tables within a routing domain",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14078"
},
{
"name": "99995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2017-07-27T00:00:00",
"ID": "CVE-2017-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo and IBM Switch Products",
"version": {
"version_data": [
{
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Erasure or alteration of routing tables within a routing domain"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-14078",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-14078"
},
{
"name": "99995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3752",
"datePublished": "2017-08-09T21:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T23:36:44.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3935
Vulnerability from cvelistv5
Published
2009-11-12 16:00
Modified
2024-09-16 19:55
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36970 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/3188 | vdb-entry, x_refsource_VUPEN | |
| ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"name": "ADV-2009-3188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"name": "ADV-2009-3188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36970"
},
{
"name": "ADV-2009-3188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"name": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg",
"refsource": "CONFIRM",
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3935",
"datePublished": "2009-11-12T16:00:00Z",
"dateReserved": "2009-11-12T00:00:00Z",
"dateUpdated": "2024-09-16T19:55:50.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1288
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/502582/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/53658 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/34447 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1022025 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/53657 | vdb-entry, x_refsource_OSVDB | |
| http://www.louhinetworks.fi/advisory/ibm_090409.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"refsource": "OSVDB",
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"refsource": "OSVDB",
"url": "http://osvdb.org/53657"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1288",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2655
Vulnerability from cvelistv5
Published
2010-07-07 18:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/14237/ | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/66124 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/41383 | vdb-entry, x_refsource_BID | |
| http://dsecrg.com/pages/vul/show.php?id=154 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"refsource": "OSVDB",
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2655",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4007
Vulnerability from cvelistv5
Published
2013-08-16 01:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85274 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4007",
"datePublished": "2013-08-16T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2654
Vulnerability from cvelistv5
Published
2010-07-07 18:00
Modified
2024-08-07 02:39
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/14237/ | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/66125 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/66128 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/66130 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/41383 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/66127 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/66129 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/66122 | vdb-entry, x_refsource_OSVDB | |
| http://dsecrg.com/pages/vul/show.php?id=154 | x_refsource_MISC | |
| http://osvdb.org/66126 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"refsource": "OSVDB",
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"refsource": "OSVDB",
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"refsource": "OSVDB",
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"refsource": "OSVDB",
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"refsource": "OSVDB",
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"refsource": "OSVDB",
"url": "http://osvdb.org/66122"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"refsource": "OSVDB",
"url": "http://osvdb.org/66126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2654",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4037
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86173 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4037",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1289
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/502582/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/53659 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/34447 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1022025 | vdb-entry, x_refsource_SECTRACK | |
| http://www.louhinetworks.fi/advisory/ibm_090409.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"refsource": "OSVDB",
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1289",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1460
Vulnerability from cvelistv5
Published
2010-04-16 18:00
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945&brandind=5000020 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/39499 | vdb-entry, x_refsource_BID | |
| http://dsecrg.com/pages/vul/show.php?id=149 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/510744/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39499"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=149",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1460",
"datePublished": "2010-04-16T18:00:00",
"dateReserved": "2010-04-16T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4031
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86172 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4031",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8232
Vulnerability from cvelistv5
Published
2017-03-01 21:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-5700 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/95839 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z |
Version: Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM\u0027s IP address to send a crafted URL that could inject a malicious script to access a user\u0027s AMM data such as cookies or other session information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOM-Based XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T20:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z",
"version": {
"version_data": [
{
"version_value": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM\u0027s IP address to send a crafted URL that could inject a malicious script to access a user\u0027s AMM data such as cookies or other session information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOM-Based XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-5700",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8232",
"datePublished": "2017-03-01T21:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-07-08 12:54
Modified
2024-11-21 01:17
Severity ?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
},
{
"lang": "es",
"value": "El BladeCenter de IBM con Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones anteriores a v4.7 y v5.0, almacena informaci\u00f3n sensible bajo la ra\u00edz web con insuficiente control de acceso, lo cual permite a los atacantes remotos descargar (1) logs o (2) archivos del n\u00facleo mediante una petici\u00f3n directa, como se ha demostrado mediante una petici\u00f3n para private/sdc.tgz."
}
],
"id": "CVE-2010-2656",
"lastModified": "2024-11-21T01:17:06.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-08T12:54:47.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66123"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 01:55
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:g:*:*:*:*:*:*",
"matchCriteriaId": "65D8F61D-3A9B-4851-A59E-B7594DFDE9A8",
"versionEndIncluding": "3.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:3.54:d:*:*:*:*:*:*",
"matchCriteriaId": "542C8BC6-078E-4B06-8092-31F8BE90E382",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en adv_sw.php en Advanced Management Module (AMM) con firmware BBET anterior a BBET64G y BPET anterior a BPET64G para sistemas IBM BladeCenter, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos."
}
],
"id": "CVE-2013-4007",
"lastModified": "2024-11-21T01:54:42.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T01:55:16.113",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-09 21:29
Modified
2024-11-21 03:26
Severity ?
Summary
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | http://www.securityfocus.com/bid/99995 | Third Party Advisory, VDB Entry | |
| psirt@lenovo.com | https://support.lenovo.com/us/en/product_security/LEN-14078 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99995 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/product_security/LEN-14078 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C373989-F05A-495C-9099-3475B4B49DD7",
"versionEndIncluding": "21.0.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:1\\:10g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5957C6B8-870E-487F-B003-C751847B4179",
"versionEndIncluding": "7.4.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:layer_2\\/3_copper_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "851856BA-623E-4030-B53A-B276CB3551F2",
"versionEndIncluding": "5.3.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6147AD83-A935-4228-B4F5-B9F44C142DCA",
"versionEndIncluding": "7.8.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "090ECD7A-C62C-4C8F-B7A0-EBD085FC113E",
"versionEndIncluding": "7.8.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB91913-36E2-4CCD-8F06-9559686354E1",
"versionEndIncluding": "7.8.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:fabric_en4093\\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BFB21C-2618-4C36-8100-D0AD973DEED9",
"versionEndIncluding": "7.8.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C523570-23D7-4D7C-BD7B-3F88792D691A",
"versionEndIncluding": "7.9.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C619041-574D-4F20-B6E2-20C8DF0C48DD",
"versionEndIncluding": "7.11.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B625F3-7530-4704-8D34-4AE0CB6017F0",
"versionEndIncluding": "7.11.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0230A2-652F-4979-843F-F386B27ED200",
"versionEndIncluding": "7.9.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E2E71B-3CEF-427A-B383-3E91F889FFDA",
"versionEndIncluding": "7.8.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52078020-A91C-4C90-816D-D035324A59C4",
"versionEndIncluding": "7.9.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C53AF1F2-C22A-46AE-A0EB-B78715F800BA",
"versionEndIncluding": "7.9.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76BE4F68-3093-4104-8848-087971C350EC",
"versionEndIncluding": "7.7.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AE62EB-61FC-4FBC-886E-956F18D3ABFB",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0F8CD7-B875-47DB-AE77-DEF269321627",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2F5AE9-9942-4D9B-B7C1-3A821F9473C2",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DD6C3A-3447-4538-9671-2B2075DAC741",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70DD7D3-405F-4BC6-BEF7-1827AE29AEF5",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639A4EA4-DFA9-4A7A-B22E-23C150DD2E8B",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA4508C-4DDE-4E84-826F-9C3AA475A34C",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37008C3A-0DE7-40A8-A945-AB7FD92A6395",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E93F011-AA73-40B0-A3BC-BAD75BB6B627",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7607ACCB-235B-4116-BE00-39911040EAE1",
"versionEndIncluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad que afecta a toda la industria en la implementaci\u00f3n del protocolo de enrutamiento Open Shortest Path First (OSPF) empleado en algunos switches Lenovo. La explotaci\u00f3n de estos fallos de implementaci\u00f3n puede dar lugar a que los atacantes consigan borrar o alterar las tablas de de enrutamiento de uno o muchos routers, switches u otros dispositivos que son compatibles con OSPF en un dominio de enrutamiento."
}
],
"id": "CVE-2017-3752",
"lastModified": "2024-11-21T03:26:04.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T21:29:01.600",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99995"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-14078"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-21 01:55
Modified
2024-11-21 01:54
Severity ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "365DA842-58EB-422E-9DE2-EDCA63BE0600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACD330F-69B2-4C9C-AF1E-14DDC84B6C68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_7955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A537D2-61E1-44D1-BDCC-250E4FD42CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A37D3256-F4C1-46B6-9168-C572321DDF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8734:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C453D5-F8D3-4945-9880-61743E1949C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA69662-2ED2-4CA7-BE7B-DEA1380A9EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A6BD72-DC1E-4760-AFEE-9D1C8EE1C97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
},
{
"lang": "es",
"value": "Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos romper la proteccion criptografica de los mecanismos de de cifrado a trav\u00e9s de (1) un ataque de fuerza bruta contra SSL o (2) El tr\u00e1fico TLS."
}
],
"id": "CVE-2013-4030",
"lastModified": "2024-11-21T01:54:44.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-21T01:55:03.480",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "El protocolo RAKP soportado en la implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, and System x3###, env\u00eda una contrase\u00f1a hash al cliente, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-4037",
"lastModified": "2024-11-21T01:54:45.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.863",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-16 18:30
Modified
2024-11-21 01:14
Severity ?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:c:*:*:*:*:*:*",
"matchCriteriaId": "5E8D5B2E-3AB5-480F-B752-B8BA9A262C16",
"versionEndIncluding": "2.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:l:*:*:*:*:*:*",
"matchCriteriaId": "4DF194B0-B7BE-47AF-907D-214AF43DEFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
},
{
"lang": "es",
"value": "El firmware IBM BladeCenter con Advanced Management Module (AMM) anterior bpet50g no realiza la interrupci\u00f3n compartida adecuadamente para USB y iSCSI, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio m\u00f3dulo de gesti\u00f3n) a trav\u00e9s de paquetes TCP con datos de programa malformados. \r\n"
}
],
"id": "CVE-2010-1460",
"lastModified": "2024-11-21T01:14:28.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-16T18:30:00.413",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/39499"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-08 12:54
Modified
2024-11-21 01:17
Severity ?
Summary
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en private/file_management.php en el BladeCenter de IBM con el Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones antes de v4.7 y v5.0, permite a usuarios remotos autenticados listar directorios a su elecci\u00f3n y posiblemente tener otro impacto no especificado a trav\u00e9s de un .. (punto punto) en el par\u00e1metro DIR."
}
],
"id": "CVE-2010-2655",
"lastModified": "2024-11-21T01:17:06.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-08T12:54:47.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66124"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-12 17:54
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB95BF0-DE99-426C-BAAC-F11D26F1E604",
"versionEndIncluding": "2.50c",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CAC775-3003-46B5-8F71-E6714B407B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8C118D-55F0-4B9F-BE7D-BCF5785B91B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "39692441-13DC-4FA9-BC0E-956B2CFABA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.20f:*:*:*:*:*:*:*",
"matchCriteriaId": "92560A6E-7DB6-4386-82E4-3065F7CCA3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9E89E2-6A0E-45CF-82DC-E142545B7706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.25e:*:*:*:*:*:*:*",
"matchCriteriaId": "53A33EAB-75DF-4724-B63D-8F7206CA0474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.25i:*:*:*:*:*:*:*",
"matchCriteriaId": "B912239E-ABA7-4D96-80D2-D93C718404D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26b:*:*:*:*:*:*:*",
"matchCriteriaId": "5A16A762-F911-4D58-8D93-921FEF1674DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26e:*:*:*:*:*:*:*",
"matchCriteriaId": "D03C0AAF-9D47-4524-87B7-186CCAC33707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26h:*:*:*:*:*:*:*",
"matchCriteriaId": "BA61D831-ABCC-4622-80D9-53637AAA458F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26i:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F0B05F-EE07-4261-8E09-A11081E1D9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26k:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B83853-5EDB-4AD7-BAAF-252C71B7BD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.28g:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F5569-B25E-43DA-970D-AA9D9CC2979F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.32d:*:*:*:*:*:*:*",
"matchCriteriaId": "16D3776F-5B97-477F-B397-9161A64771B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.34b:*:*:*:*:*:*:*",
"matchCriteriaId": "1356422D-E695-49F2-BFA4-275A9EC857CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.34e:*:*:*:*:*:*:*",
"matchCriteriaId": "0F956A08-A3D4-42C6-BDDC-F6A417FD5FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36d:*:*:*:*:*:*:*",
"matchCriteriaId": "E33E5CBA-B044-41D0-AAA8-0E3402D35D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36g:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB8B620-EF87-4818-9D43-5311AF55D2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "294822FC-3118-4D17-B178-F8A023D31F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36k:*:*:*:*:*:*:*",
"matchCriteriaId": "3326A7E5-2852-40D0-B9EA-34C63EE113FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42d:*:*:*:*:*:*:*",
"matchCriteriaId": "22928A60-F0B6-4FCC-A0C2-C60E81FAADD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42f:*:*:*:*:*:*:*",
"matchCriteriaId": "8245059E-DEFD-4421-B166-851A97A5E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42i:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC04209-8AA5-4353-AC42-7ACBFBCDAC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42n:*:*:*:*:*:*:*",
"matchCriteriaId": "280DA292-AA2E-41B6-8B48-3436DE3B47D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42o:*:*:*:*:*:*:*",
"matchCriteriaId": "49235342-7700-4AEA-B41A-4E2F35456245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42t:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6FF2D0-8014-4E3F-840C-721B38357F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.46c:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BAAFFB-8223-448E-BA4F-A27B9E867936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.46j:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8695FC-2C14-41DB-954F-C0CD99C69F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48c:*:*:*:*:*:*:*",
"matchCriteriaId": "A10F5132-9F28-4ACA-A712-AFE6EF37BA15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48d:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A70C2C-3691-457D-9663-29DC41E15059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48g:*:*:*:*:*:*:*",
"matchCriteriaId": "1E934753-B5DB-4FD2-8145-F3C48B4D8E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48l:*:*:*:*:*:*:*",
"matchCriteriaId": "D14E87B9-E5CE-4D32-85B3-F525D78AC9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48n:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E2B205-B61A-473C-9E41-5E65B9B99E66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el firmware de Advanced Management Module, en versiones anteriores a la 2.50G, para el IBM BladeCenter T 8720-2xx y 8730-2xx tienen un impacto y unos vectores de ataque desconocidos."
}
],
"id": "CVE-2009-3935",
"lastModified": "2024-11-21T01:08:33.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-12T17:54:58.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-08 12:54
Modified
2024-11-21 01:17
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:g:*:*:*:*:*:*",
"matchCriteriaId": "65D8F61D-3A9B-4851-A59E-B7594DFDE9A8",
"versionEndIncluding": "3.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:3.54:d:*:*:*:*:*:*",
"matchCriteriaId": "542C8BC6-078E-4B06-8092-31F8BE90E382",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el BladeCenter de IBM con Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones anteriores a v4.7 y v5.0, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) INDEX o (2) IPADDR a private/cindefn.php, (3) el par\u00e1metro dominio a private/power_management_policy_options.php, el par\u00e1metro slot a (4) private/pm_temp.php o (5) private/power_module.php, (6) el par\u00e1metro WEBINDEX a private/blade_leds.php, o (7) el par\u00e1metro SLOT a private/ipmi_bladestatus.php."
}
],
"id": "CVE-2010-2654",
"lastModified": "2024-11-21T01:17:06.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-08T12:54:47.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66122"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66125"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66126"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66127"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66128"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66129"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66130"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-16 14:29
Modified
2024-11-21 04:14
Severity ?
Summary
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24477 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24477 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4615A750-2A3B-47B4-89EE-A3232E19CAF2",
"versionEndExcluding": "a3e122b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEEBA90-3902-48F4-AFF2-708C0F1732B6",
"versionEndExcluding": "cge122b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B6C713-88F0-46FA-9BA0-A8990742BF56",
"versionEndExcluding": "a5e124b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC299FF-82AF-4B45-8646-8EEA9A9A7EB6",
"versionEndExcluding": "tke160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:-:*:*:*:*:*:*",
"matchCriteriaId": "F6EB37C6-274D-420A-A870-508105E94A09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B02CA18F-9C74-4F42-8306-D41CAC6AF823",
"versionEndExcluding": "ahe160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:-:*:*:*:*:*:*",
"matchCriteriaId": "A6035D4E-3B1E-4882-AD00-622A5A14E428",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4A9615-D41C-4D0E-B2F0-2F7193F4FB95",
"versionEndExcluding": "kse158c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD06E939-3D9E-4254-B570-0C9D79E1A6EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386977A4-311D-48AE-BD40-17F1349F4912",
"versionEndExcluding": "cce160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D66C4AB-D69B-4D90-9F47-C590048582EE",
"versionEndExcluding": "ahe160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "348B1A1E-5617-4EA1-B562-5605EE463AFC",
"versionEndExcluding": "n3e132w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x280_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F33B121-C777-4D32-B601-B32E3D240761",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3C5FED-59D7-4EB9-BE2F-C0CB0266348D",
"versionEndExcluding": "cne162d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1AFF5F6-2183-448D-A43E-9F13E6219E8D",
"versionEndExcluding": "n3e132w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x480_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2B5F19-EE82-4DA4-9ACD-505943C4EC8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:flex_system_x880_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7656DBE9-CC1A-441D-95CA-2DC524ECEDE0",
"versionEndExcluding": "n2e130e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:flex_system_x880_x6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BED0E10-71B6-4323-96F5-B98D4FE7C7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "088D5D83-67AB-43C4-BFC8-F80F86B24DAA",
"versionEndExcluding": "fhe120d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07F99BB6-2E71-44B0-8910-EE4945EAE096",
"versionEndExcluding": "fhe120d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "075B4B38-E5F0-4B21-9F42-8571C2DE2710",
"versionEndExcluding": "jqe184c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A654AB-188E-47B2-8C6D-6EA5C824B75B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC44F64-B03F-4BF6-9D18-F800C95F486B",
"versionEndExcluding": "j9e134c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CDF041-DA1B-4657-B86C-6509F3DA4415",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9A0EF2-F0DF-46EB-BBE1-5CE2A9F346F2",
"versionEndExcluding": "jqe184c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A1D29C-9491-4577-AB46-42924DB2B280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9278E60-F61A-4BD6-974D-428F9328A97C",
"versionEndExcluding": "jue134c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD67192C-7833-40CB-9CCD-7ADBDC07BE47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B251FABB-7A74-4A00-9A6A-E1D5010F789F",
"versionEndExcluding": "yae156c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB437E6F-4A5B-4335-B6C3-0C061D630DF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AEA8A-4BC9-46FC-A939-A72A4C2FBE47",
"versionEndExcluding": "y5e158c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "654187EE-51E9-4AC8-8563-9DD24BB97C5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EADB7945-EE70-42C6-91B6-F593CC246F4A",
"versionEndExcluding": "bee164c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "122C6446-D5A2-446F-89B7-FD6742A36CEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B343AFD4-F139-41CF-9BA1-8CC81AC5F94D",
"versionEndExcluding": "d7e166d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7F4041-3E49-4C34-BCF1-E924690E7947",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B811AAAD-7526-45DB-9506-2DF80EADD2BD",
"versionEndExcluding": "vve162c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59A6CC3F-EC19-408C-996E-AF260289F81B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73592E6B-511F-47DA-BE96-E485AB8B0C84",
"versionEndExcluding": "vve160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A50E12D4-7631-4FF3-9390-BE1893468310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED733CEF-494D-4770-8A9B-5AFDA89FC689",
"versionEndExcluding": "vve160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D37B42B3-A246-4C15-BC87-E821246EAF1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D526F5A8-6411-445E-9EAA-29AD7AD98834",
"versionEndExcluding": "vve160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66850147-3473-4092-A79B-B42BFEC652FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA3F56B-6163-4FEC-8BFC-8DC45928F175",
"versionEndExcluding": "koe160c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2C1FAF-46C5-4FB0-AA16-FB731CF77944",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D289168-1A35-48DA-8CA2-38DA52046CB3",
"versionEndExcluding": "a8e128c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74A84455-9F94-4934-93ED-623BC81A1406",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E50A5B5-5EAF-41C2-8FFF-430F8D13AC22",
"versionEndExcluding": "bee164c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27C8F43-4900-4A12-9A99-D833DDD51B6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."
},
{
"lang": "es",
"value": "Se ha dejado sin establecer un bit de bloqueo de protecci\u00f3n de escritura tras el arranque en una generaci\u00f3n m\u00e1s antigua de los servidores x de Lenovo y IBM System, lo que podr\u00eda permitir que un atacante con acceso de administrador modifique el subconjunto de memoria flash que contiene Intel SPS (Server Platform Services) y los descriptores flash del sistema."
}
],
"id": "CVE-2018-9085",
"lastModified": "2024-11-21T04:14:56.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-16T14:29:00.427",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3### tiene una contrase\u00f1a predeterminada para una cuenta de usuario IPMI, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos realizar el encendido, apagado, reinicio, o a\u00f1adir o modificar las cuentas, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4031",
"lastModified": "2024-11-21T01:54:45.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.840",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3###, utiliza texto claro para el almacenamiento de contrase\u00f1as, lo que permite a atacantes, seg\u00fan el contexto, obtener informaci\u00f3n confidencial mediante la lectura de un archivo."
}
],
"id": "CVE-2013-4038",
"lastModified": "2024-11-21T01:54:45.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.890",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2024-11-21 01:02
Severity ?
Summary
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module | 1.36h | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | h | |
| ibm | bladecenter | h | |
| ibm | bladecenter | hc10 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs20 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | js12 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js22 | |
| ibm | bladecenter | ls20 | |
| ibm | bladecenter | ls21 | |
| ibm | bladecenter | ls41 | |
| ibm | bladecenter | qs21 | |
| ibm | bladecenter | qs22 | |
| ibm | bladecenter | s | |
| ibm | bladecenter | s | |
| ibm | bladecenter | t | |
| ibm | bladecenter | t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
"matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
"matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
"matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
"matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
"matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
"matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
"matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
"matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
"matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
"matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
"matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
"matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
"matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
"matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
"matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
"matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
"matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
"matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
"matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
"matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
"matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
"matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
"matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
"matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
"matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
"matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
"matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad en private/login.ssi en el \"Advanced Management Module\" (AMM) o m\u00f3dulo de gesti\u00f3n avanzada de BladeCenter de IBM, incluyendo el BladeCenter H con BPET36H 54, permite a usuarios remotos averiguar los roles de acceso y el \"scope\" (alcance) de cuentas de usuario arbitrarias a trav\u00e9s del par\u00e1metro WEBINDEX."
}
],
"id": "CVE-2009-1289",
"lastModified": "2024-11-21T01:02:06.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-13T16:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53659"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-01 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | http://www.securityfocus.com/bid/95839 | Third Party Advisory, VDB Entry | |
| psirt@lenovo.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | Third Party Advisory | |
| psirt@lenovo.com | https://support.lenovo.com/us/en/product_security/LEN-5700 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95839 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/product_security/LEN-5700 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module_firmware | - | |
| ibm | advanced_management_module | - | |
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734EBD6A-8615-4B4A-A1A9-EB603B1276E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357307A8-421E-4433-A985-505565B0830A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM\u0027s IP address to send a crafted URL that could inject a malicious script to access a user\u0027s AMM data such as cookies or other session information."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS basada en Document Object Model-(DOM) en Advanced Management Module (AMM) versiones anteriores a 66Z de Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 permite a un atacante no autenticado con acceso a la direcci\u00f3n IP de AMM mandar una URL manipulada que podr\u00eda inyectar un scrip malicioso para acceder a los datos AMM de un usuario como cookies u otra informaci\u00f3n de la sesi\u00f3n."
}
],
"id": "CVE-2016-8232",
"lastModified": "2024-11-21T02:59:02.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-01T21:59:00.243",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95839"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module | 1.36h | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | h | |
| ibm | bladecenter | h | |
| ibm | bladecenter | hc10 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs20 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | js12 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js22 | |
| ibm | bladecenter | ls20 | |
| ibm | bladecenter | ls21 | |
| ibm | bladecenter | ls41 | |
| ibm | bladecenter | qs21 | |
| ibm | bladecenter | qs22 | |
| ibm | bladecenter | s | |
| ibm | bladecenter | s | |
| ibm | bladecenter | t | |
| ibm | bladecenter | t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
"matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
"matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
"matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
"matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
"matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
"matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
"matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
"matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
"matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
"matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
"matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
"matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
"matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
"matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
"matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
"matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
"matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
"matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
"matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
"matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
"matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
"matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
"matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
"matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
"matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
"matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
"matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en la interfaz de administraci\u00f3n web en el M\u00f3dulo de Gesti\u00f3n Avanzada (AMM) en el IBM BladeCenter, incluidos los BladeCenter H con BPET36H 54, permiten a atacantes remotos realizar acciones no autorizadas como administradores, como lo demuestra una solicitud de apagado al script private/blade_power_action."
}
],
"id": "CVE-2009-1290",
"lastModified": "2024-11-21T01:02:06.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-13T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53660"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "cve@mitre.org",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module | 1.36h | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | h | |
| ibm | bladecenter | h | |
| ibm | bladecenter | hc10 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs20 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | js12 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js22 | |
| ibm | bladecenter | ls20 | |
| ibm | bladecenter | ls21 | |
| ibm | bladecenter | ls41 | |
| ibm | bladecenter | qs21 | |
| ibm | bladecenter | qs22 | |
| ibm | bladecenter | s | |
| ibm | bladecenter | s | |
| ibm | bladecenter | t | |
| ibm | bladecenter | t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
"matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
"matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
"matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
"matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
"matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
"matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
"matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
"matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
"matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
"matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
"matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
"matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
"matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
"matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
"matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
"matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
"matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
"matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
"matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
"matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
"matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
"matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
"matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
"matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
"matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
"matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
"matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el \"Advanced Management Module\" (AMM) o m\u00f3dulo de gesti\u00f3n avanzada de BladeCenter de IBM, incluyendo el BladeCenter H con BPET36H 54. Permiten a usuarios remotos inyectar c\u00f3digo web script o HTML de su elecci\u00f3n a trav\u00e9s de (1) el nombre de usuario en una acci\u00f3n de login o (2) el par\u00e1metro PATH de private/file_management.ssi en el gestor de ficheros."
}
],
"id": "CVE-2009-1288",
"lastModified": "2024-11-21T01:02:06.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-13T16:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53657"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53658"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "cve@mitre.org",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201308-0229
Vulnerability from variot
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. Intelligent Platform Management Interface is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions on the affected computer. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bladecenter",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "hs22"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "hs22v"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "hs23"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "hs23e"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "hx5"
},
{
"model": "system x3530 m4",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m4",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m2",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m2",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m2",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m3",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m4",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m3",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m3",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m4",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m4 server",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x240 compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x220 compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3620 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x440 compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3690 x5",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3100 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3200 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m2 server",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3850 x5",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3950 x5",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3750 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m3 server",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x220 compute node",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x240 compute node",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x440 compute node",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3100 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3200 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3530 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3620 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3690 x5",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3750 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3850 x5",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3950 x5",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "intelligent platform management interface",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x5"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x5"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3750"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x5"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3650"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3650"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3650"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3630"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3630"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3620"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3550"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3550"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3550"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3530"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3500"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3500"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3500"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3400"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3400"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3250"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3250"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3200"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3100"
},
{
"model": "system idataplex dx360 m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x"
},
{
"model": "system idataplex dx360 m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x"
},
{
"model": "system idataplex dx360 m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x"
},
{
"model": "integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x440"
},
{
"model": "flex system compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x240"
},
{
"model": "flex system compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x220"
},
{
"model": "bladecenter hx5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs23e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs23",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs22v",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs22",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "61884"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM",
"sources": [
{
"db": "BID",
"id": "61884"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-4037",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4037",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-143",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. Intelligent Platform Management Interface is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions on the affected computer. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4037"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"db": "BID",
"id": "61884"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4037",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003698",
"trust": 0.8
},
{
"db": "XF",
"id": "86173",
"trust": 0.6
},
{
"db": "XF",
"id": "20134037",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201308-143",
"trust": 0.6
},
{
"db": "BID",
"id": "61884",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "61884"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"id": "VAR-201308-0229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33333334
},
"last_update_date": "2022-05-04T08:57:48.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MIGR-5093463",
"trust": 0.8,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4037"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4037"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/86173"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463"
}
],
"sources": [
{
"db": "BID",
"id": "61884"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "61884"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-20T00:00:00",
"db": "BID",
"id": "61884"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"date": "2013-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"date": "2013-08-09T23:55:00",
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-20T00:00:00",
"db": "BID",
"id": "61884"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003698"
},
{
"date": "2013-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-143"
},
{
"date": "2017-08-29T01:33:00",
"db": "NVD",
"id": "CVE-2013-4037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural IBM Operates on server products Integrated Management Module Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003698"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "61884"
}
],
"trust": 0.3
}
}
var-201308-0227
Vulnerability from variot
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. System X3250 M4 is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bladecenter",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "hs22"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "hs22v"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "hs23"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "hs23e"
},
{
"model": "bladecenter",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "hx5"
},
{
"model": "flex system x220 compute node",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x240 compute node",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3200 m3",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3100 m4",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m4 server",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3530 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3620 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3850 x5",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3950 x5",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x440 compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m3",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3690 x5",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m2 server",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x3750 m4",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m3 server",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x220 compute node",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x240 compute node",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system x440 compute node",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x idataplex dx360 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3100 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3200 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3250 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3400 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3500 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3530 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3550 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3620 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3630 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m2",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m3",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3650 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3690 x5",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3750 m4",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3850 x5",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system x3950 x5",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x5-"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x5-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3750-"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x5-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3650-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3650-"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3650-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3630-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3630-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3620-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3550-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3550-"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3550-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3530-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3500-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3500-"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3500-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3400-"
},
{
"model": "system m2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3400-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3250-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3250-"
},
{
"model": "system m3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3200-"
},
{
"model": "system m4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3100-"
},
{
"model": "system idataplex dx360 m4 server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x-"
},
{
"model": "system idataplex dx360 m3 server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x-"
},
{
"model": "system idataplex dx360 m2 server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x-"
},
{
"model": "flex system compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x440-"
},
{
"model": "flex system compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x240-"
},
{
"model": "flex system compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x220-"
},
{
"model": "bladecenter hx5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs23e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs23",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs22v",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter hs22",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "78033"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78033"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4031",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4031",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-142",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-4031",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-4031"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. System X3250 M4 is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4031"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "BID",
"id": "78033"
},
{
"db": "VULMON",
"id": "CVE-2013-4031"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4031",
"trust": 2.8
},
{
"db": "XF",
"id": "86172",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697",
"trust": 0.8
},
{
"db": "XF",
"id": "20134031",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201308-142",
"trust": 0.6
},
{
"db": "BID",
"id": "78033",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2013-4031",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-4031"
},
{
"db": "BID",
"id": "78033"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"id": "VAR-201308-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33333334
},
"last_update_date": "2022-05-04T10:27:21.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MIGR-5093463",
"trust": 0.8,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/86172"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4031"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4031"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-4031"
},
{
"db": "BID",
"id": "78033"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2013-4031"
},
{
"db": "BID",
"id": "78033"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4031"
},
{
"date": "2013-08-09T00:00:00",
"db": "BID",
"id": "78033"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"date": "2013-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"date": "2013-08-09T23:55:00",
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4031"
},
{
"date": "2013-08-09T00:00:00",
"db": "BID",
"id": "78033"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003697"
},
{
"date": "2013-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-142"
},
{
"date": "2017-08-29T01:33:00",
"db": "NVD",
"id": "CVE-2013-4031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural IBM Operates on server products Integrated Management Module Vulnerable to performing power actions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003697"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-142"
}
],
"trust": 0.6
}
}