374 matches found
CVE-2013-5438
Cross-site scripting XSS vulnerability in the web server in IBM Flex System Manager FSM 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the web server in IBM Flex System Manager FSM 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-5438
Cross-site scripting XSS vulnerability in the web server in IBM Flex System Manager FSM 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-5438
IBM Flex System Manager (FSM) web server versions 1.1.0–1.3 are affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary HTML/JavaScript via unsanitized input. The IBM bulletin notes a CVSS base score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) and lists aff...
CVE-2013-5424
IBM Flex System Manager FSM 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account...
Design/Logic Flaw
IBM Flex System Manager FSM 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account...
CVE-2013-5424
The IBM Security Bulletin confirms CVE-2013-5424 affects IBM Flex System Manager (FSM) 1.3.0, where an expired password for the system-level USERID lets an attacker bypass access controls and create rogue accounts or execute tasks. Affected product/version: FSM 1.3.0. Root cause: expired system-l...
CVE-2013-5424
IBM Flex System Manager FSM 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account...
Default credentials
The Intelligent Platform Management Interface IPMI implementation in Integrated Management Module IMM on IBM BladeCenter, Flex System, System x iDataPlex, and System x3 servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading...
CVE-2013-4038
The CVE-2013-4038 issue affects IBM IMM/IMM2 IPMI implementations (IBM BladeCenter, Flex System, System x iDataPlex, System x3###). Root cause: passwords for user accounts are stored in clear text in the IMM filesystem, enabling an attacker with access to the IMM OS to view credentials and potent...
CVE-2012-4838
IBM Flex System Chassis Management Module CMM and Integrated Management Module 2 IMM2 allow local users to obtain sensitive information about 1 local accounts, 2 SSH private keys, 3 SSL/TLS private keys, 4 SNMPv3 communities, and 5 LDAP credentials by leveraging unspecified side effects of servic...
Code injection
IBM Flex System Chassis Management Module CMM and Integrated Management Module 2 IMM2 allow local users to obtain sensitive information about 1 local accounts, 2 SSH private keys, 3 SSL/TLS private keys, 4 SNMPv3 communities, and 5 LDAP credentials by leveraging unspecified side effects of servic...
CVE-2012-4838
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) are affected by CVE-2012-4838. Public descriptions indicate local users can obtain sensitive information (local accounts, SSH private keys, SSL/TLS private keys, SNMPv3 communities, and LDAP credentials) via...
CVE-2012-4838
IBM Flex System Chassis Management Module CMM and Integrated Management Module 2 IMM2 allow local users to obtain sensitive information about 1 local accounts, 2 SSH private keys, 3 SSL/TLS private keys, 4 SNMPv3 communities, and 5 LDAP credentials by leveraging unspecified side effects of servic...