cvelistv5 - cve-2009-1290

CVE-2009-1290 (GCVE-0-2009-1290)

Vulnerability from cvelistv5 – Published: 2009-04-13 16:00 – Updated: 2024-08-07 05:04

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/502582/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/34447	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1022025	vdb-entryx_refsource_SECTRACK
	http://osvdb.org/53660	vdb-entryx_refsource_OSVDB
	http://www.louhinetworks.fi/advisory/ibm_090409.txt	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
          },
          {
            "name": "34447",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34447"
          },
          {
            "name": "1022025",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022025"
          },
          {
            "name": "53660",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53660"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
        },
        {
          "name": "34447",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34447"
        },
        {
          "name": "1022025",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022025"
        },
        {
          "name": "53660",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53660"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1290",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
            },
            {
              "name": "34447",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34447"
            },
            {
              "name": "1022025",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022025"
            },
            {
              "name": "53660",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53660"
            },
            {
              "name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
              "refsource": "MISC",
              "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1290",
    "datePublished": "2009-04-13T16:00:00",
    "dateReserved": "2009-04-13T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65D2F618-192F-449D-B182-0AF5CAAE730B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*\", \"matchCriteriaId\": \"F0D41279-6729-447A-A9CE-EFD83D82DC19\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*\", \"matchCriteriaId\": \"F578E536-42AE-4ABB-999B-C0F1249913D4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*\", \"matchCriteriaId\": \"BDE7F2D8-362B-49E5-B110-F5845F337FE5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*\", \"matchCriteriaId\": \"0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*\", \"matchCriteriaId\": \"D22C37E6-62A0-48FD-8000-91270C14B646\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*\", \"matchCriteriaId\": \"E98311E3-E944-4380-B52A-CCB7895187B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*\", \"matchCriteriaId\": \"B77405D4-F9B6-445A-9124-AAF53F955FA0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*\", \"matchCriteriaId\": \"CA2824FF-1585-4035-AB47-24835688BEE6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*\", \"matchCriteriaId\": \"2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*\", \"matchCriteriaId\": \"84927A93-FBE6-4A9D-937C-73D84FDA0CFE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*\", \"matchCriteriaId\": \"6AD291A9-FD2A-4F2E-AA5A-F587781FF208\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*\", \"matchCriteriaId\": \"61A7429A-EA22-4CC3-9177-EBD739BB55AD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*\", \"matchCriteriaId\": \"177AB1AA-15CC-416C-A47B-7C290F23EC31\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*\", \"matchCriteriaId\": \"1210591D-6168-4C99-A40F-18BCC49656F5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*\", \"matchCriteriaId\": \"E2C199D1-B4F3-4939-A216-30836490B4F5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*\", \"matchCriteriaId\": \"FD438583-D9C6-40CD-9526-D42E8FAC6689\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*\", \"matchCriteriaId\": \"8D690D2D-174D-40CB-9273-8FA8E75EACDD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*\", \"matchCriteriaId\": \"FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*\", \"matchCriteriaId\": \"B0B7B3D3-306D-45C1-992F-8DBE78106A0A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*\", \"matchCriteriaId\": \"97B880FC-2992-4644-B40D-BFD857ADDF7D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*\", \"matchCriteriaId\": \"55CF4234-A310-4A08-9BFA-6CA0E46F50CB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*\", \"matchCriteriaId\": \"FF502A54-6B7B-4ED9-932B-DC51A440D145\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*\", \"matchCriteriaId\": \"7A7C4912-DCDC-4402-BC10-B7BCE2821E86\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*\", \"matchCriteriaId\": \"6D2473A1-0DBB-4A17-8330-1E835D793815\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*\", \"matchCriteriaId\": \"F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*\", \"matchCriteriaId\": \"3D8C051F-56B7-4B6D-8357-4E1B76DAE024\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*\", \"matchCriteriaId\": \"9AC31661-5830-4FB3-8970-7C26D0658BC0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*\", \"matchCriteriaId\": \"A7C6F823-C727-45DA-A623-3F95C92CFE76\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*\", \"matchCriteriaId\": \"9B853206-C826-4215-9A56-8CAF9D018603\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de falsificaci\\u00f3n de petici\\u00f3n en sitios cruzados(CSRF) en la interfaz de administraci\\u00f3n web en el M\\u00f3dulo de Gesti\\u00f3n Avanzada (AMM) en el IBM BladeCenter, incluidos los BladeCenter H con BPET36H 54, permiten a atacantes remotos realizar acciones no autorizadas como administradores, como lo demuestra una solicitud de apagado al script private/blade_power_action.\"}]",
      "id": "CVE-2009-1290",
      "lastModified": "2024-11-21T01:02:06.877",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
      "published": "2009-04-13T16:30:00.483",
      "references": "[{\"url\": \"http://osvdb.org/53660\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1022025\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.louhinetworks.fi/advisory/ibm_090409.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/502582/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/34447\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://osvdb.org/53660\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1022025\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.louhinetworks.fi/advisory/ibm_090409.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/502582/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34447\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1290\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-04-13T16:30:00.483\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en la interfaz de administraci\u00f3n web en el M\u00f3dulo de Gesti\u00f3n Avanzada (AMM) en el IBM BladeCenter, incluidos los BladeCenter H con BPET36H 54, permiten a atacantes remotos realizar acciones no autorizadas como administradores, como lo demuestra una solicitud de apagado al script private/blade_power_action.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65D2F618-192F-449D-B182-0AF5CAAE730B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*\",\"matchCriteriaId\":\"F0D41279-6729-447A-A9CE-EFD83D82DC19\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*\",\"matchCriteriaId\":\"F578E536-42AE-4ABB-999B-C0F1249913D4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*\",\"matchCriteriaId\":\"BDE7F2D8-362B-49E5-B110-F5845F337FE5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*\",\"matchCriteriaId\":\"0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*\",\"matchCriteriaId\":\"D22C37E6-62A0-48FD-8000-91270C14B646\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*\",\"matchCriteriaId\":\"E98311E3-E944-4380-B52A-CCB7895187B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*\",\"matchCriteriaId\":\"B77405D4-F9B6-445A-9124-AAF53F955FA0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*\",\"matchCriteriaId\":\"CA2824FF-1585-4035-AB47-24835688BEE6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*\",\"matchCriteriaId\":\"2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*\",\"matchCriteriaId\":\"84927A93-FBE6-4A9D-937C-73D84FDA0CFE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*\",\"matchCriteriaId\":\"6AD291A9-FD2A-4F2E-AA5A-F587781FF208\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*\",\"matchCriteriaId\":\"61A7429A-EA22-4CC3-9177-EBD739BB55AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*\",\"matchCriteriaId\":\"177AB1AA-15CC-416C-A47B-7C290F23EC31\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*\",\"matchCriteriaId\":\"1210591D-6168-4C99-A40F-18BCC49656F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*\",\"matchCriteriaId\":\"E2C199D1-B4F3-4939-A216-30836490B4F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*\",\"matchCriteriaId\":\"FD438583-D9C6-40CD-9526-D42E8FAC6689\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*\",\"matchCriteriaId\":\"8D690D2D-174D-40CB-9273-8FA8E75EACDD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*\",\"matchCriteriaId\":\"FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*\",\"matchCriteriaId\":\"B0B7B3D3-306D-45C1-992F-8DBE78106A0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*\",\"matchCriteriaId\":\"97B880FC-2992-4644-B40D-BFD857ADDF7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*\",\"matchCriteriaId\":\"55CF4234-A310-4A08-9BFA-6CA0E46F50CB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*\",\"matchCriteriaId\":\"FF502A54-6B7B-4ED9-932B-DC51A440D145\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*\",\"matchCriteriaId\":\"7A7C4912-DCDC-4402-BC10-B7BCE2821E86\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*\",\"matchCriteriaId\":\"6D2473A1-0DBB-4A17-8330-1E835D793815\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*\",\"matchCriteriaId\":\"F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*\",\"matchCriteriaId\":\"3D8C051F-56B7-4B6D-8357-4E1B76DAE024\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*\",\"matchCriteriaId\":\"9AC31661-5830-4FB3-8970-7C26D0658BC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*\",\"matchCriteriaId\":\"A7C6F823-C727-45DA-A623-3F95C92CFE76\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*\",\"matchCriteriaId\":\"9B853206-C826-4215-9A56-8CAF9D018603\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/53660\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1022025\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.louhinetworks.fi/advisory/ibm_090409.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/502582/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34447\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://osvdb.org/53660\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1022025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.louhinetworks.fi/advisory/ibm_090409.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/502582/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

GSD-2009-1290

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1290

Aliases

CVE-2009-1290

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1290",
    "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.",
    "id": "GSD-2009-1290"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1290"
      ],
      "details": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.",
      "id": "GSD-2009-1290",
      "modified": "2023-12-13T01:19:47.520143Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1290",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
          },
          {
            "name": "34447",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34447"
          },
          {
            "name": "1022025",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022025"
          },
          {
            "name": "53660",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53660"
          },
          {
            "name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
            "refsource": "MISC",
            "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1290"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022025",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1022025"
            },
            {
              "name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
            },
            {
              "name": "34447",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/34447"
            },
            {
              "name": "53660",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53660"
            },
            {
              "name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:35Z",
      "publishedDate": "2009-04-13T16:30Z"
    }
  }
}

CERTA-2009-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le microgiciel IBM BladeCenter Advanced Management Module.

Description

Plusieurs vulnérabilités ont été corrigées dans IBM BladeCenter Advanced Management Module. Ces vulnérabilités permettent à une personne malintentionnée d'effectuer des injections de code indirectes (xss), des injections de requêtes illégitimes par rebond (csrf) et/ou de porter atteinte à la confidentialité de certaines données.

Solution

La mise à jour du microgiciel en version 1.42U corrige les problèmes.

IBM BladeCenter Advanced Management Module firmware 1.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste de modifications du microgiciel v1.42U	None	vendor-advisory
Obtention et liste des modifications du Firmware v1.42U (BPET42U) :	-	other
Obtention et liste des modifications du Firmware v1.42U (BBET42U) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM BladeCenter Advanced Management Module firmware 1.x.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans IBM BladeCenter Advanced\nManagement Module. Ces vuln\u00e9rabilit\u00e9s permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027effectuer des injections de code indirectes (xss), des\ninjections de requ\u00eates ill\u00e9gitimes par rebond (csrf) et/ou de porter\natteinte \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es.\n\n## Solution\n\nLa mise \u00e0 jour du microgiciel en version 1.42U corrige les probl\u00e8mes.\n",
  "cves": [
    {
      "name": "CVE-2009-1290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1290"
    },
    {
      "name": "CVE-2009-1289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1289"
    },
    {
      "name": "CVE-2009-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1288"
    }
  ],
  "links": [
    {
      "title": "Obtention et liste des modifications du Firmware v1.42U    (BPET42U) :",
      "url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?Indocid=MIGR-5076204\u0026brandind=5000020"
    },
    {
      "title": "Obtention et liste des modifications du Firmware v1.42U    (BBET42U) :",
      "url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?Indocid=MIGR-5076206\u0026brandind=5000020"
    }
  ],
  "reference": "CERTA-2009-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le microgiciel \u003cspan\nclass=\"textit\"\u003eIBM BladeCenter Advanced Management Module\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM BladeCenter Advanced Management Module",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste de modifications du microgiciel v1.42U",
      "url": null
    }
  ]
}

CERTA-2009-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le microgiciel IBM BladeCenter Advanced Management Module.

Description

Solution

La mise à jour du microgiciel en version 1.42U corrige les problèmes.

IBM BladeCenter Advanced Management Module firmware 1.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste de modifications du microgiciel v1.42U	None	vendor-advisory
Obtention et liste des modifications du Firmware v1.42U (BPET42U) :	-	other
Obtention et liste des modifications du Firmware v1.42U (BBET42U) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM BladeCenter Advanced Management Module firmware 1.x.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans IBM BladeCenter Advanced\nManagement Module. Ces vuln\u00e9rabilit\u00e9s permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027effectuer des injections de code indirectes (xss), des\ninjections de requ\u00eates ill\u00e9gitimes par rebond (csrf) et/ou de porter\natteinte \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es.\n\n## Solution\n\nLa mise \u00e0 jour du microgiciel en version 1.42U corrige les probl\u00e8mes.\n",
  "cves": [
    {
      "name": "CVE-2009-1290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1290"
    },
    {
      "name": "CVE-2009-1289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1289"
    },
    {
      "name": "CVE-2009-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1288"
    }
  ],
  "links": [
    {
      "title": "Obtention et liste des modifications du Firmware v1.42U    (BPET42U) :",
      "url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?Indocid=MIGR-5076204\u0026brandind=5000020"
    },
    {
      "title": "Obtention et liste des modifications du Firmware v1.42U    (BBET42U) :",
      "url": "http://www-947.ibm.com/systems/support/supportsite.wss/docdisplay?Indocid=MIGR-5076206\u0026brandind=5000020"
    }
  ],
  "reference": "CERTA-2009-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le microgiciel \u003cspan\nclass=\"textit\"\u003eIBM BladeCenter Advanced Management Module\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM BladeCenter Advanced Management Module",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste de modifications du microgiciel v1.42U",
      "url": null
    }
  ]
}

GHSA-J8CP-Q9F7-WQCH

Vulnerability from github – Published: 2022-05-02 03:23 – Updated: 2022-05-02 03:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-13T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.",
  "id": "GHSA-j8cp-q9f7-wqch",
  "modified": "2022-05-02T03:23:40Z",
  "published": "2022-05-02T03:23:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1290"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53660"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022025"
    },
    {
      "type": "WEB",
      "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34447"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-1290

Vulnerability from fkie_nvd - Published: 2009-04-13 16:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/53660
cve@mitre.org	http://securitytracker.com/id?1022025
cve@mitre.org	http://www.louhinetworks.fi/advisory/ibm_090409.txt
cve@mitre.org	http://www.securityfocus.com/archive/1/502582/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34447	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53660
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022025
af854a3a-2127-422b-91ae-364da2661108	http://www.louhinetworks.fi/advisory/ibm_090409.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/502582/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34447	Exploit

Impacted products

Vendor	Product	Version
ibm	advanced_management_module	1.36h
ibm	bladecenter	e
ibm	bladecenter	e
ibm	bladecenter	e
ibm	bladecenter	h
ibm	bladecenter	h
ibm	bladecenter	hc10
ibm	bladecenter	hs12
ibm	bladecenter	hs12
ibm	bladecenter	hs12
ibm	bladecenter	hs20
ibm	bladecenter	hs21
ibm	bladecenter	hs21
ibm	bladecenter	hs21_xm
ibm	bladecenter	hs21_xm
ibm	bladecenter	ht
ibm	bladecenter	ht
ibm	bladecenter	js12
ibm	bladecenter	js21
ibm	bladecenter	js21
ibm	bladecenter	js22
ibm	bladecenter	ls20
ibm	bladecenter	ls21
ibm	bladecenter	ls41
ibm	bladecenter	qs21
ibm	bladecenter	qs22
ibm	bladecenter	s
ibm	bladecenter	s
ibm	bladecenter	t
ibm	bladecenter	t

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
              "matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
              "matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
              "matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
              "matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
              "matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
              "matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
              "matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
              "matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
              "matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
              "matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
              "matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
              "matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
              "matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
              "matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
              "matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
              "matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
              "matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
              "matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
              "matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
              "matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
              "matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
              "matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
              "matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
              "matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
              "matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
              "matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
              "matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
              "matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
              "matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en la interfaz de administraci\u00f3n web en el M\u00f3dulo de Gesti\u00f3n Avanzada (AMM) en el IBM BladeCenter, incluidos los BladeCenter H con BPET36H 54, permiten a atacantes remotos realizar acciones no autorizadas como administradores, como lo demuestra una solicitud de apagado al script private/blade_power_action."
    }
  ],
  "id": "CVE-2009-1290",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-13T16:30:00.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/53660"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1022025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/34447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/34447"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1290 (GCVE-0-2009-1290)

GSD-2009-1290

CERTA-2009-AVI-151

Description

Solution

CERTA-2009-AVI-151

Description

Solution

GHSA-J8CP-Q9F7-WQCH

FKIE_CVE-2009-1290

Tags

Sightings

Nomenclature