Advanced Management Module Security Vulnerabilities and Issues — Advanced Management Module CVE List

Lucene search

IbmAdvanced Management Module

9 matches found

CVE•added 2014/07/07 11:1 a.m.•47 views

CVE-2014-0860

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitr...

5CVSS7.3AI score0.00236EPSS

CVE•added 2009/04/13 4:30 p.m.•42 views

CVE-2009-1288

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/...

4.3CVSS5.7AI score0.0485EPSS

CVE•added 2010/04/16 6:30 p.m.•42 views

CVE-2010-1460

The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.

5CVSS6.8AI score0.04487EPSS

CVE•added 2009/04/13 4:30 p.m.•41 views

CVE-2009-1290

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a pow...

6.8CVSS7.2AI score0.00462EPSS

CVE•added 2010/07/08 12:54 p.m.•38 views

CVE-2010-2656

The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requ...

5CVSS6.6AI score0.17218EPSS

CVE•added 2010/07/08 12:54 p.m.•36 views

CVE-2010-2654

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to priv...

4.3CVSS5.9AI score0.03436EPSS

CVE•added 2009/04/13 4:30 p.m.•31 views

CVE-2009-1289

private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.

4CVSS6.8AI score0.00208EPSS

CVE•added 2010/07/08 12:54 p.m.•31 views

CVE-2010-2655

Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified othe...

4CVSS7AI score0.19091EPSS

CVE•added 2013/08/16 1:55 a.m.•29 views

CVE-2013-4007

Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.8AI score0.00201EPSS