All the vulnerabilites related to ibm - system_x3400_m2
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
psirt@us.ibm.comhttp://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/86173
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/86173
Impacted products
Vendor Product Version
ibm bladecenter hs22
ibm bladecenter hs22v
ibm bladecenter hs23
ibm bladecenter hs23e
ibm bladecenter hx5
ibm flex_system_x220_compute_node -
ibm flex_system_x240_compute_node -
ibm flex_system_x440_compute_node -
ibm system_x_idataplex_dx360_m2_server -
ibm system_x_idataplex_dx360_m3_server -
ibm system_x_idataplex_dx360_m4_server -
ibm system_x3100_m4 -
ibm system_x3200_m3 -
ibm system_x3250_m3 -
ibm system_x3250_m4 -
ibm system_x3400_m2 -
ibm system_x3400_m3 -
ibm system_x3500_m2 -
ibm system_x3500_m3 -
ibm system_x3500_m4 -
ibm system_x3530_m4 -
ibm system_x3550_m2 -
ibm system_x3550_m3 -
ibm system_x3550_m4 -
ibm system_x3620_m3 -
ibm system_x3630_m3 -
ibm system_x3630_m4 -
ibm system_x3650_m2 -
ibm system_x3650_m3 -
ibm system_x3650_m4 -
ibm system_x3690_x5 -
ibm system_x3750_m4 -
ibm system_x3850_x5 -
ibm system_x3950_x5 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
              "matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
              "matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
              "matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
    },
    {
      "lang": "es",
      "value": "El protocolo RAKP soportado en la implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, and System x3###, env\u00eda una contrase\u00f1a hash al cliente, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
    }
  ],
  "id": "CVE-2013-4037",
  "lastModified": "2024-11-21T01:54:45.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-09T23:55:02.863",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
psirt@us.ibm.comhttp://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/86174
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/86174
Impacted products
Vendor Product Version
ibm bladecenter hs22
ibm bladecenter hs22v
ibm bladecenter hs23
ibm bladecenter hs23e
ibm bladecenter hx5
ibm flex_system_x220_compute_node -
ibm flex_system_x240_compute_node -
ibm flex_system_x440_compute_node -
ibm system_x_idataplex_dx360_m2_server -
ibm system_x_idataplex_dx360_m3_server -
ibm system_x_idataplex_dx360_m4_server -
ibm system_x3100_m4 -
ibm system_x3200_m3 -
ibm system_x3250_m3 -
ibm system_x3250_m4 -
ibm system_x3400_m2 -
ibm system_x3400_m3 -
ibm system_x3500_m2 -
ibm system_x3500_m3 -
ibm system_x3500_m4 -
ibm system_x3530_m4 -
ibm system_x3550_m2 -
ibm system_x3550_m3 -
ibm system_x3550_m4 -
ibm system_x3620_m3 -
ibm system_x3630_m3 -
ibm system_x3630_m4 -
ibm system_x3650_m2 -
ibm system_x3650_m3 -
ibm system_x3650_m4 -
ibm system_x3690_x5 -
ibm system_x3750_m4 -
ibm system_x3850_x5 -
ibm system_x3950_x5 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
              "matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
              "matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
              "matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3###, utiliza texto claro para el almacenamiento de contrase\u00f1as, lo que permite a atacantes, seg\u00fan el contexto, obtener informaci\u00f3n confidencial mediante la lectura de un archivo."
    }
  ],
  "id": "CVE-2013-4038",
  "lastModified": "2024-11-21T01:54:45.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-09T23:55:02.890",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
psirt@us.ibm.comhttp://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/86172
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/86172
Impacted products
Vendor Product Version
ibm bladecenter hs22
ibm bladecenter hs22v
ibm bladecenter hs23
ibm bladecenter hs23e
ibm bladecenter hx5
ibm flex_system_x220_compute_node -
ibm flex_system_x240_compute_node -
ibm flex_system_x440_compute_node -
ibm system_x_idataplex_dx360_m2_server -
ibm system_x_idataplex_dx360_m3_server -
ibm system_x_idataplex_dx360_m4_server -
ibm system_x3100_m4 -
ibm system_x3200_m3 -
ibm system_x3250_m3 -
ibm system_x3250_m4 -
ibm system_x3400_m2 -
ibm system_x3400_m3 -
ibm system_x3500_m2 -
ibm system_x3500_m3 -
ibm system_x3500_m4 -
ibm system_x3530_m4 -
ibm system_x3550_m2 -
ibm system_x3550_m3 -
ibm system_x3550_m4 -
ibm system_x3620_m3 -
ibm system_x3630_m3 -
ibm system_x3630_m4 -
ibm system_x3650_m2 -
ibm system_x3650_m3 -
ibm system_x3650_m4 -
ibm system_x3690_x5 -
ibm system_x3750_m4 -
ibm system_x3850_x5 -
ibm system_x3950_x5 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
              "matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
              "matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
              "matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3### tiene una contrase\u00f1a predeterminada para una cuenta de usuario IPMI, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos realizar el encendido, apagado, reinicio, o a\u00f1adir o modificar las cuentas, a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-4031",
  "lastModified": "2024-11-21T01:54:45.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-09T23:55:02.840",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-4031
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/86172vdb-entry, x_refsource_XF
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "imm-cve20134031-ipmi-default(86172)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "imm-cve20134031-ipmi-default(86172)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-4031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "imm-cve20134031-ipmi-default(86172)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
            },
            {
              "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-4031",
    "datePublished": "2013-08-09T23:00:00",
    "dateReserved": "2013-06-07T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4037
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/86173vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
          },
          {
            "name": "imm-cve20134037-ipmi-weak(86173)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
        },
        {
          "name": "imm-cve20134037-ipmi-weak(86173)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-4037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
            },
            {
              "name": "imm-cve20134037-ipmi-weak(86173)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-4037",
    "datePublished": "2013-08-09T23:00:00",
    "dateReserved": "2013-06-07T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4038
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/86174vdb-entry, x_refsource_XF
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "imm-cve20134038-ipmi-cleartext(86174)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "imm-cve20134038-ipmi-cleartext(86174)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-4038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "imm-cve20134038-ipmi-cleartext(86174)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
            },
            {
              "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-4038",
    "datePublished": "2013-08-09T23:00:00",
    "dateReserved": "2013-06-07T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}