var-201407-0497
Vulnerability from variot
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contain cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. Multiple IBM products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The vulnerability stems from the firmware storing IPMI credentials in plaintext. An attacker can exploit this vulnerability to execute arbitrary IPMI commands and establish a remote-control session with the blade. Note for triage: the structured record below carries version bounds of 1.36 for IMM and 3.65 for IMM2 that do not match the fixed levels stated here (1.43 and 4.15), and its CVSS v2 vector rates only partial confidentiality impact although the description includes IPMI command execution; check exposure against the vendor advisory MIGR-5095840 rather than relying on those version bounds or the score alone.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0497", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated management module", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "1.36" }, { "model": "advanced management module", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "3.65" }, { "model": "advanced management module", "scope": 
"eq", "trust": 1.0, "vendor": "ibm", "version": null }, { "model": "integrated management module ii", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "3.65" }, { "model": "integrated management module ii", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": null }, { "model": "integrated management module", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": null }, { "model": "bladecenter management module", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "bladecenter management module", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "3.66e" }, { "model": "integrated management module", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "integrated management module ii", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "integrated management module ii", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "4.15" }, { "model": "integrated management module", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "1.43" }, { "model": "integrated management module", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.36" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.65" }, { "model": "advanced management module", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.65" }, { "model": "integrated management module yuoog2c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.42" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": 
"bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "bladecenter t advanced management module 32r0835", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "bladecenter hx5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7873" }, { "model": "bladecenter hx5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7872" }, { "model": "bladecenter hs23e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8039" }, { "model": "bladecenter hs23e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8038" }, { "model": "bladecenter hs23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7875" }, { "model": "bladecenter hs23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1929" }, { "model": "bladecenter hs22v", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7871" }, { "model": "bladecenter hs22v", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1949" }, { "model": "bladecenter hs22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7870" }, { "model": "bladecenter hs22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1936" }, { "model": "bladecenter hs22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1911" }, { "model": "bladecenter advanced 
management module bpet66d 3.66d", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module bpeo66d 3.66d", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module bbet66d 3.66d", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module 25r5778", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "integrated management module yuoog6b", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.43" }, { "model": "integrated management module ii aoo58k", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.15" }, { "model": "advanced management module bpet66e 3.66e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "advanced management module bpeo66e 3.66e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "advanced management module bbet66e 3.66e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null } ], "sources": [ { "db": "BID", "id": "68400" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "CNNVD", "id": "CNNVD-201407-159" }, { "db": "NVD", "id": "CVE-2014-0860" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:ibm:advanced_management_module", "vulnerable": true }, { "cpe22Uri": "cpe:/o:ibm:advanced_management_module_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/h:ibm:integrated_management_module", "vulnerable": true }, { "cpe22Uri": "cpe:/h:ibm:integrated_management_module_ii", "vulnerable": true }, { "cpe22Uri": "cpe:/o:ibm:integrated_management_module_ii_firmware", "vulnerable": true }, { 
"cpe22Uri": "cpe:/o:ibm:integrated_management_module_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003205" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM", "sources": [ { "db": "BID", "id": "68400" } ], "trust": 0.3 }, "cve": "CVE-2014-0860", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0860", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68353", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": 
"CVE-2014-0860", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0860", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201407-159", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68353", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-68353" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "CNNVD", "id": "CNNVD-201407-159" }, { "db": "NVD", "id": "CVE-2014-0860" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. Multiple IBM Products are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The vulnerability stems from the fact that the program stores plaintext IPMI certificates. 
An attacker can exploit this vulnerability to execute arbitrary IPMI commands and establish a remote control session of the blade", "sources": [ { "db": "NVD", "id": "CVE-2014-0860" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "BID", "id": "68400" }, { "db": "VULHUB", "id": "VHN-68353" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0860", "trust": 2.8 }, { "db": "XF", "id": "90880", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2014-003205", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201407-159", "trust": 0.7 }, { "db": "BID", "id": "68400", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-68353", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68353" }, { "db": "BID", "id": "68400" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "CNNVD", "id": "CNNVD-201407-159" }, { "db": "NVD", "id": "CVE-2014-0860" } ] }, "id": "VAR-201407-0497", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-68353" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:02:44.699000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "MIGR-5095840", "trust": 0.8, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840" }, { "title": "ibm_fw_imm2_1aoo58k-4.15_bc-anyos_noarch", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51010" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": 
"CNNVD", "id": "CNNVD-201407-159" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68353" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "NVD", "id": "CVE-2014-0860" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095840" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/90880" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0860" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0860" }, { "trust": 0.3, "url": "http://www.ibm.com/" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095840" } ], "sources": [ { "db": "VULHUB", "id": "VHN-68353" }, { "db": "BID", "id": "68400" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "CNNVD", "id": "CNNVD-201407-159" }, { "db": "NVD", "id": "CVE-2014-0860" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-68353" }, { "db": "BID", "id": "68400" }, { "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "db": "CNNVD", "id": "CNNVD-201407-159" }, { "db": "NVD", "id": "CVE-2014-0860" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-07T00:00:00", 
"db": "VULHUB", "id": "VHN-68353" }, { "date": "2014-05-12T00:00:00", "db": "BID", "id": "68400" }, { "date": "2014-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "date": "2014-07-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-159" }, { "date": "2014-07-07T11:01:28.680000", "db": "NVD", "id": "CVE-2014-0860" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULHUB", "id": "VHN-68353" }, { "date": "2014-05-12T00:00:00", "db": "BID", "id": "68400" }, { "date": "2014-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003205" }, { "date": "2014-07-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-159" }, { "date": "2024-11-21T02:02:55.597000", "db": "NVD", "id": "CVE-2014-0860" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-159" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural IBM Any in the product firmware IPMI Command execution vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003205" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-159" } ], "trust": 0.6 } }