Search criteria
12 vulnerabilities found for flex_system_x240_compute_node by ibm
FKIE_CVE-2013-4030
Vulnerability from fkie_nvd - Published: 2014-01-21 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "365DA842-58EB-422E-9DE2-EDCA63BE0600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACD330F-69B2-4C9C-AF1E-14DDC84B6C68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_7955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A537D2-61E1-44D1-BDCC-250E4FD42CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A37D3256-F4C1-46B6-9168-C572321DDF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8734:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C453D5-F8D3-4945-9880-61743E1949C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA69662-2ED2-4CA7-BE7B-DEA1380A9EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A6BD72-DC1E-4760-AFEE-9D1C8EE1C97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
},
{
"lang": "es",
"value": "Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos romper la proteccion criptografica de los mecanismos de de cifrado a trav\u00e9s de (1) un ataque de fuerza bruta contra SSL o (2) El tr\u00e1fico TLS."
}
],
"id": "CVE-2013-4030",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-21T01:55:03.480",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4031
Vulnerability from fkie_nvd - Published: 2013-08-09 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3### tiene una contrase\u00f1a predeterminada para una cuenta de usuario IPMI, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos realizar el encendido, apagado, reinicio, o a\u00f1adir o modificar las cuentas, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4031",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.840",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4038
Vulnerability from fkie_nvd - Published: 2013-08-09 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3###, utiliza texto claro para el almacenamiento de contrase\u00f1as, lo que permite a atacantes, seg\u00fan el contexto, obtener informaci\u00f3n confidencial mediante la lectura de un archivo."
}
],
"id": "CVE-2013-4038",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.890",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4037
Vulnerability from fkie_nvd - Published: 2013-08-09 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "El protocolo RAKP soportado en la implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, and System x3###, env\u00eda una contrase\u00f1a hash al cliente, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-4037",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.863",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-4030 (GCVE-0-2013-4030)
Vulnerability from cvelistv5 – Published: 2014-01-21 01:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4030",
"datePublished": "2014-01-21T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4038 (GCVE-0-2013-4038)
Vulnerability from cvelistv5 – Published: 2013-08-09 23:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4038",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4037 (GCVE-0-2013-4037)
Vulnerability from cvelistv5 – Published: 2013-08-09 23:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4037",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4031 (GCVE-0-2013-4031)
Vulnerability from cvelistv5 – Published: 2013-08-09 23:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4031",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4030 (GCVE-0-2013-4030)
Vulnerability from nvd – Published: 2014-01-21 01:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4030",
"datePublished": "2014-01-21T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4038 (GCVE-0-2013-4038)
Vulnerability from nvd – Published: 2013-08-09 23:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4038",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4037 (GCVE-0-2013-4037)
Vulnerability from nvd – Published: 2013-08-09 23:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4037",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4031 (GCVE-0-2013-4031)
Vulnerability from nvd – Published: 2013-08-09 23:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4031",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}