All the vulnerabilites related to ibm - system_x_idataplex_dx360_m4_server
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "El protocolo RAKP soportado en la implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, and System x3###, env\u00eda una contrase\u00f1a hash al cliente, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-4037",
"lastModified": "2024-11-21T01:54:45.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.863",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3###, utiliza texto claro para el almacenamiento de contrase\u00f1as, lo que permite a atacantes, seg\u00fan el contexto, obtener informaci\u00f3n confidencial mediante la lectura de un archivo."
}
],
"id": "CVE-2013-4038",
"lastModified": "2024-11-21T01:54:45.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.890",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 23:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 | |
| ibm | flex_system_x220_compute_node | - | |
| ibm | flex_system_x240_compute_node | - | |
| ibm | flex_system_x440_compute_node | - | |
| ibm | system_x_idataplex_dx360_m2_server | - | |
| ibm | system_x_idataplex_dx360_m3_server | - | |
| ibm | system_x_idataplex_dx360_m4_server | - | |
| ibm | system_x3100_m4 | - | |
| ibm | system_x3200_m3 | - | |
| ibm | system_x3250_m3 | - | |
| ibm | system_x3250_m4 | - | |
| ibm | system_x3400_m2 | - | |
| ibm | system_x3400_m3 | - | |
| ibm | system_x3500_m2 | - | |
| ibm | system_x3500_m3 | - | |
| ibm | system_x3500_m4 | - | |
| ibm | system_x3530_m4 | - | |
| ibm | system_x3550_m2 | - | |
| ibm | system_x3550_m3 | - | |
| ibm | system_x3550_m4 | - | |
| ibm | system_x3620_m3 | - | |
| ibm | system_x3630_m3 | - | |
| ibm | system_x3630_m4 | - | |
| ibm | system_x3650_m2 | - | |
| ibm | system_x3650_m3 | - | |
| ibm | system_x3650_m4 | - | |
| ibm | system_x3690_x5 | - | |
| ibm | system_x3750_m4 | - | |
| ibm | system_x3850_x5 | - | |
| ibm | system_x3950_x5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5F6076-DF5F-44E0-8CCF-BD1A9E2FE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED62921-B746-41DC-951F-4BD80EC32A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E87D7B9E-BDD0-41D8-9A2B-CE989FA3888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3CD99D-F823-49A9-A9F4-6DE615358447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F09E64-4A8E-4C24-8699-ED0D4CD5BBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1890F42C-E455-4D81-86BA-E7E5E1B8D295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5160AA6-DF5F-4247-BEA6-F17AC1667FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3### tiene una contrase\u00f1a predeterminada para una cuenta de usuario IPMI, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos realizar el encendido, apagado, reinicio, o a\u00f1adir o modificar las cuentas, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4031",
"lastModified": "2024-11-21T01:54:45.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T23:55:02.840",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-21 01:55
Modified
2024-11-21 01:54
Severity ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "365DA842-58EB-422E-9DE2-EDCA63BE0600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_2:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACD330F-69B2-4C9C-AF1E-14DDC84B6C68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_7955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A537D2-61E1-44D1-BDCC-250E4FD42CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A37D3256-F4C1-46B6-9168-C572321DDF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_manager_node_8734:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C453D5-F8D3-4945-9880-61743E1949C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DCE85E-FB2D-49D4-863F-5D3458A674D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF9E83E-9526-49EC-8B32-4E896C1DFD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB89722F-2C12-49A8-9A6E-02842EBF77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA69662-2ED2-4CA7-BE7B-DEA1380A9EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4ABB5B-C1F0-4FEE-9879-3F9E023D5AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66DB82A-0FF6-452B-8B11-239BF391AD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3672040-7C51-4C83-A62C-096B2B0E5289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3300_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD693FE0-9B91-4F52-AE89-C82ED55DE43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED256E-420A-42D7-B5EC-301097A4020F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02507B59-A854-43B1-B14D-E0CEA10FF62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F943B01A-635B-4F62-96DE-715FFA007AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247AFC7C-CAF6-46C5-82A4-7DF045C2E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E33754-643B-41FD-A751-4E1A029EFBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F407F5-EF7C-4F65-8978-3FB80CB07C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C31D7-C2FF-4DAA-88DB-99EFE7E0BA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3630_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A6BD72-DC1E-4760-AFEE-9D1C8EE1C97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58073F4-505F-466B-A2F2-B13B70F3A78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE88C85-1397-447D-9352-9609571E62B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "521ED7F3-84FD-4D6C-9EEE-83A52734602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D6FE-71DC-474E-94FE-0052C94AEFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "268FEAB9-EEB1-4B00-A086-1185B0A35959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A7021F-5D6E-4FCB-A155-5EDC76B78167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86142DE9-2C91-4FCB-9A1B-39AB541C05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
},
{
"lang": "es",
"value": "Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos romper la proteccion criptografica de los mecanismos de de cifrado a trav\u00e9s de (1) un ataque de fuerza bruta contra SSL o (2) El tr\u00e1fico TLS."
}
],
"id": "CVE-2013-4030",
"lastModified": "2024-11-21T01:54:44.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-21T01:55:03.480",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-4031
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86172 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134031-ipmi-default(86172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86172"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4031",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4037
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86173 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
},
{
"name": "imm-cve20134037-ipmi-weak(86173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4037",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4030
Vulnerability from cvelistv5
Published
2014-01-21 01:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86068 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "x-mgmt-cve20134030-encryption(86068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86068"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4030",
"datePublished": "2014-01-21T01:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4038
Vulnerability from cvelistv5
Published
2013-08-09 23:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86174 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imm-cve20134038-ipmi-cleartext(86174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86174"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4038",
"datePublished": "2013-08-09T23:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}