Lucene search

[email protected]CVE-2009-1290

HistoryApr 13, 2009 - 4:30 p.m.

CVE-2009-1290

2009-04-1316:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2009

1290

csrf

vulnerabilities

ibm

bladecenter

amm

web administration

hijack authentication

remote attackers

administrators

power-off request

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.6%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

CPENameOperatorVersion
ibm:advanced_management_moduleibm advanced management moduleeq1.36h

CPE	Name	Operator	Version
ibm:advanced_management_module	ibm advanced management module	eq	1.36h

References

osvdb.org/53660

securitytracker.com/id?1022025

www.louhinetworks.fi/advisory/ibm_090409.txt

www.securityfocus.com/archive/1/502582/100/0/threaded

www.securityfocus.com/bid/34447

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2009-1290

prion1 cvelist1