Search criteria
27 vulnerabilities found for advanced_management_module by ibm
FKIE_CVE-2014-0860
Vulnerability from fkie_nvd - Published: 2014-07-07 11:01 - Updated: 2025-04-12 10:46
Severity ?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE77E6-DC53-4710-9584-FD2CEACB46BE",
"versionEndIncluding": "1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA49FD93-328A-4E60-8BD1-817936DE2E82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E920A51B-0382-4474-870C-C6AD285FA6DF",
"versionEndIncluding": "3.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357307A8-421E-4433-A985-505565B0830A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D348D34E-1379-4CBA-A21C-3E13DA279A5F",
"versionEndIncluding": "3.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE67F95-2ECE-4BF5-8E4B-2D6390160FCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
},
{
"lang": "es",
"value": "El firmware anterior a 3.66E en IBM BladeCenter Advanced Management Module (AMM), el firmware anterior a 1.43 en IBM Integrated Management Module (IMM), y el firmware anterior a 4.15 en IBM Integrated Management Module II (IMM2) contiene los credenciales IPMI en texto claro, lo que permite a atacantes remotos ejecutar comandos IPMI arbitrarios, y como consecuencia establecer una sesi\u00f3n de control remoto blade, mediante el aprovechamiento del acceso a (1) el chassis internal network o (2) la interfaz \u0027Ethernet-over-USB\u0027."
}
],
"id": "CVE-2014-0860",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-07T11:01:28.680",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4007
Vulnerability from fkie_nvd - Published: 2013-08-16 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:g:*:*:*:*:*:*",
"matchCriteriaId": "65D8F61D-3A9B-4851-A59E-B7594DFDE9A8",
"versionEndIncluding": "3.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:3.54:d:*:*:*:*:*:*",
"matchCriteriaId": "542C8BC6-078E-4B06-8092-31F8BE90E382",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en adv_sw.php en Advanced Management Module (AMM) con firmware BBET anterior a BBET64G y BPET anterior a BPET64G para sistemas IBM BladeCenter, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos."
}
],
"id": "CVE-2013-4007",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T01:55:16.113",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2656
Vulnerability from fkie_nvd - Published: 2010-07-08 12:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
},
{
"lang": "es",
"value": "El BladeCenter de IBM con Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones anteriores a v4.7 y v5.0, almacena informaci\u00f3n sensible bajo la ra\u00edz web con insuficiente control de acceso, lo cual permite a los atacantes remotos descargar (1) logs o (2) archivos del n\u00facleo mediante una petici\u00f3n directa, como se ha demostrado mediante una petici\u00f3n para private/sdc.tgz."
}
],
"id": "CVE-2010-2656",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-08T12:54:47.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66123"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2654
Vulnerability from fkie_nvd - Published: 2010-07-08 12:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:g:*:*:*:*:*:*",
"matchCriteriaId": "65D8F61D-3A9B-4851-A59E-B7594DFDE9A8",
"versionEndIncluding": "3.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:3.54:d:*:*:*:*:*:*",
"matchCriteriaId": "542C8BC6-078E-4B06-8092-31F8BE90E382",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el BladeCenter de IBM con Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones anteriores a v4.7 y v5.0, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) INDEX o (2) IPADDR a private/cindefn.php, (3) el par\u00e1metro dominio a private/power_management_policy_options.php, el par\u00e1metro slot a (4) private/pm_temp.php o (5) private/power_module.php, (6) el par\u00e1metro WEBINDEX a private/blade_leds.php, o (7) el par\u00e1metro SLOT a private/ipmi_bladestatus.php."
}
],
"id": "CVE-2010-2654",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-08T12:54:47.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66122"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66125"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66126"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66127"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66128"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66129"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66130"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2655
Vulnerability from fkie_nvd - Published: 2010-07-08 12:54 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en private/file_management.php en el BladeCenter de IBM con el Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones antes de v4.7 y v5.0, permite a usuarios remotos autenticados listar directorios a su elecci\u00f3n y posiblemente tener otro impacto no especificado a trav\u00e9s de un .. (punto punto) en el par\u00e1metro DIR."
}
],
"id": "CVE-2010-2655",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-08T12:54:47.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66124"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1460
Vulnerability from fkie_nvd - Published: 2010-04-16 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:c:*:*:*:*:*:*",
"matchCriteriaId": "5E8D5B2E-3AB5-480F-B752-B8BA9A262C16",
"versionEndIncluding": "2.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:l:*:*:*:*:*:*",
"matchCriteriaId": "4DF194B0-B7BE-47AF-907D-214AF43DEFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
},
{
"lang": "es",
"value": "El firmware IBM BladeCenter con Advanced Management Module (AMM) anterior bpet50g no realiza la interrupci\u00f3n compartida adecuadamente para USB y iSCSI, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio m\u00f3dulo de gesti\u00f3n) a trav\u00e9s de paquetes TCP con datos de programa malformados. \r\n"
}
],
"id": "CVE-2010-1460",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-16T18:30:00.413",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/39499"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1290
Vulnerability from fkie_nvd - Published: 2009-04-13 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module | 1.36h | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | h | |
| ibm | bladecenter | h | |
| ibm | bladecenter | hc10 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs20 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | js12 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js22 | |
| ibm | bladecenter | ls20 | |
| ibm | bladecenter | ls21 | |
| ibm | bladecenter | ls41 | |
| ibm | bladecenter | qs21 | |
| ibm | bladecenter | qs22 | |
| ibm | bladecenter | s | |
| ibm | bladecenter | s | |
| ibm | bladecenter | t | |
| ibm | bladecenter | t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
"matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
"matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
"matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
"matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
"matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
"matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
"matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
"matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
"matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
"matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
"matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
"matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
"matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
"matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
"matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
"matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
"matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
"matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
"matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
"matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
"matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
"matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
"matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
"matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
"matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
"matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
"matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en la interfaz de administraci\u00f3n web en el M\u00f3dulo de Gesti\u00f3n Avanzada (AMM) en el IBM BladeCenter, incluidos los BladeCenter H con BPET36H 54, permiten a atacantes remotos realizar acciones no autorizadas como administradores, como lo demuestra una solicitud de apagado al script private/blade_power_action."
}
],
"id": "CVE-2009-1290",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-13T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53660"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "cve@mitre.org",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1288
Vulnerability from fkie_nvd - Published: 2009-04-13 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module | 1.36h | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | h | |
| ibm | bladecenter | h | |
| ibm | bladecenter | hc10 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs20 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | js12 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js22 | |
| ibm | bladecenter | ls20 | |
| ibm | bladecenter | ls21 | |
| ibm | bladecenter | ls41 | |
| ibm | bladecenter | qs21 | |
| ibm | bladecenter | qs22 | |
| ibm | bladecenter | s | |
| ibm | bladecenter | s | |
| ibm | bladecenter | t | |
| ibm | bladecenter | t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
"matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
"matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
"matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
"matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
"matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
"matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
"matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
"matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
"matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
"matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
"matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
"matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
"matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
"matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
"matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
"matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
"matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
"matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
"matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
"matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
"matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
"matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
"matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
"matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
"matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
"matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
"matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el \"Advanced Management Module\" (AMM) o m\u00f3dulo de gesti\u00f3n avanzada de BladeCenter de IBM, incluyendo el BladeCenter H con BPET36H 54. Permiten a usuarios remotos inyectar c\u00f3digo web script o HTML de su elecci\u00f3n a trav\u00e9s de (1) el nombre de usuario en una acci\u00f3n de login o (2) el par\u00e1metro PATH de private/file_management.ssi en el gestor de ficheros."
}
],
"id": "CVE-2009-1288",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-13T16:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53657"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53658"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "cve@mitre.org",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1289
Vulnerability from fkie_nvd - Published: 2009-04-13 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module | 1.36h | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | e | |
| ibm | bladecenter | h | |
| ibm | bladecenter | h | |
| ibm | bladecenter | hc10 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs12 | |
| ibm | bladecenter | hs20 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21 | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | hs21_xm | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | ht | |
| ibm | bladecenter | js12 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js21 | |
| ibm | bladecenter | js22 | |
| ibm | bladecenter | ls20 | |
| ibm | bladecenter | ls21 | |
| ibm | bladecenter | ls41 | |
| ibm | bladecenter | qs21 | |
| ibm | bladecenter | qs22 | |
| ibm | bladecenter | s | |
| ibm | bladecenter | s | |
| ibm | bladecenter | t | |
| ibm | bladecenter | t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
"matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
"matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
"matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
"matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
"matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
"matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
"matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
"matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
"matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
"matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
"matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
"matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
"matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
"matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
"matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
"matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
"matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
"matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
"matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
"matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
"matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
"matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
"matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
"matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
"matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
"matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
"matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad en private/login.ssi en el \"Advanced Management Module\" (AMM) o m\u00f3dulo de gesti\u00f3n avanzada de BladeCenter de IBM, incluyendo el BladeCenter H con BPET36H 54, permite a usuarios remotos averiguar los roles de acceso y el \"scope\" (alcance) de cuentas de usuario arbitrarias a trav\u00e9s del par\u00e1metro WEBINDEX."
}
],
"id": "CVE-2009-1289",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-13T16:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53659"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-0860 (GCVE-0-2014-0860)
Vulnerability from cvelistv5 – Published: 2014-07-07 10:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0860",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4007 (GCVE-0-2013-4007)
Vulnerability from cvelistv5 – Published: 2013-08-16 01:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4007",
"datePublished": "2013-08-16T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2655 (GCVE-0-2010-2655)
Vulnerability from cvelistv5 – Published: 2010-07-07 18:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"refsource": "OSVDB",
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2655",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2656 (GCVE-0-2010-2656)
Vulnerability from cvelistv5 – Published: 2010-07-07 18:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:38.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"refsource": "OSVDB",
"url": "http://osvdb.org/66123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2656",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:38.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2654 (GCVE-0-2010-2654)
Vulnerability from cvelistv5 – Published: 2010-07-07 18:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"refsource": "OSVDB",
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"refsource": "OSVDB",
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"refsource": "OSVDB",
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"refsource": "OSVDB",
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"refsource": "OSVDB",
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"refsource": "OSVDB",
"url": "http://osvdb.org/66122"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"refsource": "OSVDB",
"url": "http://osvdb.org/66126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2654",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1460 (GCVE-0-2010-1460)
Vulnerability from cvelistv5 – Published: 2010-04-16 18:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39499"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=149",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1460",
"datePublished": "2010-04-16T18:00:00",
"dateReserved": "2010-04-16T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1289 (GCVE-0-2009-1289)
Vulnerability from cvelistv5 – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"refsource": "OSVDB",
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1289",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1290 (GCVE-0-2009-1290)
Vulnerability from cvelistv5 – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"refsource": "OSVDB",
"url": "http://osvdb.org/53660"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1290",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1288 (GCVE-0-2009-1288)
Vulnerability from cvelistv5 – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"refsource": "OSVDB",
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"refsource": "OSVDB",
"url": "http://osvdb.org/53657"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1288",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0860 (GCVE-0-2014-0860)
Vulnerability from nvd – Published: 2014-07-07 10:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0860",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4007 (GCVE-0-2013-4007)
Vulnerability from nvd – Published: 2013-08-16 01:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advancedmm-cve20134007-xss(85274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85274"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4007",
"datePublished": "2013-08-16T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2655 (GCVE-0-2010-2655)
Vulnerability from nvd – Published: 2010-07-07 18:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"refsource": "OSVDB",
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2655",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2656 (GCVE-0-2010-2656)
Vulnerability from nvd – Published: 2010-07-07 18:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:38.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"refsource": "OSVDB",
"url": "http://osvdb.org/66123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2656",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:38.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2654 (GCVE-0-2010-2654)
Vulnerability from nvd – Published: 2010-07-07 18:00 – Updated: 2024-08-07 02:39
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14237",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"refsource": "OSVDB",
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"refsource": "OSVDB",
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"refsource": "OSVDB",
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"refsource": "OSVDB",
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"refsource": "OSVDB",
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"refsource": "OSVDB",
"url": "http://osvdb.org/66122"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"refsource": "OSVDB",
"url": "http://osvdb.org/66126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2654",
"datePublished": "2010-07-07T18:00:00",
"dateReserved": "2010-07-07T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1460 (GCVE-0-2010-1460)
Vulnerability from nvd – Published: 2010-04-16 18:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-5083945\u0026brandind=5000020"
},
{
"name": "39499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39499"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=149",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=149"
},
{
"name": "20100415 [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510744/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1460",
"datePublished": "2010-04-16T18:00:00",
"dateReserved": "2010-04-16T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1289 (GCVE-0-2009-1289)
Vulnerability from nvd – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53659",
"refsource": "OSVDB",
"url": "http://osvdb.org/53659"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1289",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1290 (GCVE-0-2009-1290)
Vulnerability from nvd – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"refsource": "OSVDB",
"url": "http://osvdb.org/53660"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1290",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1288 (GCVE-0-2009-1288)
Vulnerability from nvd – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "53658",
"refsource": "OSVDB",
"url": "http://osvdb.org/53658"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53657",
"refsource": "OSVDB",
"url": "http://osvdb.org/53657"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1288",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-13T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}