var-201212-0270
Vulnerability from variot
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity. (1) Local account (2) SSH Secret key (3) SSL/TLS Secret key (4) SNMPv3 community (5) LDAP Authentication. IBM Flex System is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The following products are vulnerable: IBM Flex System CMM version 1.00.0 IBM Flex System CMM version 1.20.2 IBM Flex System IMM2 version 1.34 IBM Flex System IMM2 version 1.45 IBM Flex System IMM2 version 1.60
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flex system chassis management module",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "integrated management module ii",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "flex system chassis management module",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system integrated management module",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ibm:flex_system_chassis_management_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:flex_system_integrated_management_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM",
"sources": [
{
"db": "BID",
"id": "56850"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2012-4838",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4838",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-4838",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-109",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109"
},
{
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity. (1) Local account (2) SSH Secret key (3) SSL/TLS Secret key (4) SNMPv3 community (5) LDAP Authentication. IBM Flex System is prone to an information-disclosure vulnerability. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. \nThe following products are vulnerable:\nIBM Flex System CMM version 1.00.0\nIBM Flex System CMM version 1.20.2\nIBM Flex System IMM2 version 1.34\nIBM Flex System IMM2 version 1.45\nIBM Flex System IMM2 version 1.60",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4838"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "BID",
"id": "56850"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4838",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005680",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109",
"trust": 0.6
},
{
"db": "BID",
"id": "56850",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "56850"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109"
},
{
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"id": "VAR-201212-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-11-23T23:10:00.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Buffer overrun vulnerability when executing unspecified SQL statements in IBM Informix (CVE-2012-4857)",
"trust": 0.8,
"url": "https://www.ibm.com/connections/blogs/PSIRT/entry/flex_system_chassis_management_module_cmm_and_integrated_management_module_2_imm2_potential_security_vulnerability_with_authentication_data_cve_2012_4838_ibm_flex_system8"
},
{
"title": "ibm_fw_cmm_2pet10k_anyos_noarch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45330"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.ibm.com/connections/blogs/psirt/entry/flex_system_chassis_management_module_cmm_and_integrated_management_module_2_imm2_potential_security_vulnerability_with_authentication_data_cve_2012_4838_ibm_flex_system8"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79020"
},
{
"trust": 1.6,
"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=migr-5092001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4838"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4838"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
}
],
"sources": [
{
"db": "BID",
"id": "56850"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109"
},
{
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "56850"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109"
},
{
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-07T00:00:00",
"db": "BID",
"id": "56850"
},
{
"date": "2012-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"date": "2012-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-109"
},
{
"date": "2012-12-08T15:55:01.103000",
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-07T00:00:00",
"db": "BID",
"id": "56850"
},
{
"date": "2012-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005680"
},
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-109"
},
{
"date": "2024-11-21T01:43:35.543000",
"db": "NVD",
"id": "CVE-2012-4838"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "56850"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-109"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Flex System CMM and IMM2 Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005680"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "56850"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.