FKIE_CVE-2009-1289

Vulnerability from fkie_nvd - Published: 2009-04-13 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
References
cve@mitre.orghttp://osvdb.org/53659
cve@mitre.orghttp://securitytracker.com/id?1022025
cve@mitre.orghttp://www.louhinetworks.fi/advisory/ibm_090409.txtExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/502582/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34447
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/53659
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1022025
af854a3a-2127-422b-91ae-364da2661108http://www.louhinetworks.fi/advisory/ibm_090409.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/502582/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34447
Impacted products
Vendor Product Version
ibm advanced_management_module 1.36h
ibm bladecenter e
ibm bladecenter e
ibm bladecenter e
ibm bladecenter h
ibm bladecenter h
ibm bladecenter hc10
ibm bladecenter hs12
ibm bladecenter hs12
ibm bladecenter hs12
ibm bladecenter hs20
ibm bladecenter hs21
ibm bladecenter hs21
ibm bladecenter hs21_xm
ibm bladecenter hs21_xm
ibm bladecenter ht
ibm bladecenter ht
ibm bladecenter js12
ibm bladecenter js21
ibm bladecenter js21
ibm bladecenter js22
ibm bladecenter ls20
ibm bladecenter ls21
ibm bladecenter ls41
ibm bladecenter qs21
ibm bladecenter qs22
ibm bladecenter s
ibm bladecenter s
ibm bladecenter t
ibm bladecenter t
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D2F618-192F-449D-B182-0AF5CAAE730B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*",
              "matchCriteriaId": "F0D41279-6729-447A-A9CE-EFD83D82DC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*",
              "matchCriteriaId": "F578E536-42AE-4ABB-999B-C0F1249913D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*",
              "matchCriteriaId": "BDE7F2D8-362B-49E5-B110-F5845F337FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*",
              "matchCriteriaId": "0BAADDA3-CD72-4F14-B2CA-6EDA5E4EAEF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*",
              "matchCriteriaId": "D22C37E6-62A0-48FD-8000-91270C14B646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*",
              "matchCriteriaId": "E98311E3-E944-4380-B52A-CCB7895187B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*",
              "matchCriteriaId": "B77405D4-F9B6-445A-9124-AAF53F955FA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*",
              "matchCriteriaId": "CA2824FF-1585-4035-AB47-24835688BEE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*",
              "matchCriteriaId": "2BE05E6A-F41B-4F5B-BF80-E9848BC21D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*",
              "matchCriteriaId": "84927A93-FBE6-4A9D-937C-73D84FDA0CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*",
              "matchCriteriaId": "6AD291A9-FD2A-4F2E-AA5A-F587781FF208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*",
              "matchCriteriaId": "61A7429A-EA22-4CC3-9177-EBD739BB55AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*",
              "matchCriteriaId": "177AB1AA-15CC-416C-A47B-7C290F23EC31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*",
              "matchCriteriaId": "1210591D-6168-4C99-A40F-18BCC49656F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*",
              "matchCriteriaId": "E2C199D1-B4F3-4939-A216-30836490B4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*",
              "matchCriteriaId": "FD438583-D9C6-40CD-9526-D42E8FAC6689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*",
              "matchCriteriaId": "8D690D2D-174D-40CB-9273-8FA8E75EACDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*",
              "matchCriteriaId": "FBC94677-BF7E-4DEE-9C2B-EEF4E730E6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*",
              "matchCriteriaId": "B0B7B3D3-306D-45C1-992F-8DBE78106A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*",
              "matchCriteriaId": "97B880FC-2992-4644-B40D-BFD857ADDF7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*",
              "matchCriteriaId": "55CF4234-A310-4A08-9BFA-6CA0E46F50CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*",
              "matchCriteriaId": "FF502A54-6B7B-4ED9-932B-DC51A440D145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*",
              "matchCriteriaId": "7A7C4912-DCDC-4402-BC10-B7BCE2821E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*",
              "matchCriteriaId": "6D2473A1-0DBB-4A17-8330-1E835D793815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*",
              "matchCriteriaId": "F7BD9823-CDFB-4E75-B9CA-AB4D53BE22DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*",
              "matchCriteriaId": "3D8C051F-56B7-4B6D-8357-4E1B76DAE024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*",
              "matchCriteriaId": "9AC31661-5830-4FB3-8970-7C26D0658BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
              "matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
              "matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en private/login.ssi en el \"Advanced Management Module\" (AMM) o m\u00f3dulo de gesti\u00f3n avanzada de BladeCenter de IBM, incluyendo el BladeCenter H con BPET36H 54, permite a usuarios remotos averiguar los roles de acceso y el \"scope\" (alcance) de cuentas de usuario arbitrarias a trav\u00e9s del par\u00e1metro WEBINDEX."
    }
  ],
  "id": "CVE-2009-1289",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-13T16:30:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/53659"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1022025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34447"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.