Lucene search
+L
IbmAdvanced Management Module

9 matches found

CVE
CVE
added 2009/04/13 4:0 p.m.62 views

CVE-2009-1288

The CVE-2009-1288 entry describes multiple cross-site scripting (XSS) vulnerabilities in IBM BladeCenter’s Advanced Management Module (AMM), including the BladeCenter H with BPET36H 54. The issues allow remote attackers to inject arbitrary web script or HTML via the username field during login or...

4.3CVSS5.7AI score0.01765EPSS
Web
CVE
CVE
added 2014/07/07 10:0 a.m.62 views

CVE-2014-0860

The CVE-2014-0860 issue affects IBM BladeCenter components: AMM firmware before 3.66E, IMM firmware before 1.43, and IMM2 firmware before 4.15. The root cause is that administrative IPMI credentials are stored in plaintext within the firmware binaries, allowing an attacker with access to the chas...

5CVSS7.3AI score0.00982EPSS
CVE
CVE
added 2009/04/13 4:0 p.m.54 views

CVE-2009-1290

The CVE-2009-1290 entry documents CSRF vulnerabilities in the IBM BladeCenter AMM web administration interface (including BladeCenter H with BPET36H 54). The underlying issue is cross-site request forgery that can enable remote attackers to hijack administrator authentication, demonstrated by a p...

6.8CVSS7.2AI score0.00984EPSS
CVE
CVE
added 2010/04/16 6:0 p.m.53 views

CVE-2010-1460

The vulnerability CVE-2010-1460 affects the IBM BladeCenter AMM firmware prior to bpet50g. The issue is improper interrupt sharing for USB and iSCSI, allowing remote attackers to cause a denial of service resulting in a management module reboot via TCP packets containing malformed application dat...

5CVSS6.8AI score0.02769EPSS
CVE
CVE
added 2010/07/07 6:0 p.m.53 views

CVE-2010-2656

CVE-2010-2656 affects IBM BladeCenter AMM firmware BPET48L (and possibly earlier 4.7/5.0). The issue: sensitive data is stored under the web root with insufficient access control, enabling remote attackers to download sensitive files (e.g., logs or core files) via direct requests, demonstrated by...

5CVSS6.6AI score0.02456EPSS
CVE
CVE
added 2010/07/07 6:0 p.m.51 views

CVE-2010-2654

CVE-2010-2654 affects IBM BladeCenter with AMM firmware BPET48L (and possibly earlier versions before 4.7 and 5.0). The vulnerability involves multiple reflected cross-site scripting (XSS) flaws in web interfaces, enabling remote attackers to inject arbitrary script/HTML via parameters in several...

4.3CVSS5.9AI score0.02283EPSS
Web
CVE
CVE
added 2009/04/13 4:0 p.m.46 views

CVE-2009-1289

CVE-2009-1289 affects the IBM BladeCenter Advanced Management Module (AMM), including BladeCenter H with BPET36H 54. The issue allows remote attackers to discover the access roles and scopes of arbitrary user accounts by sending a modified WEBINDEX parameter to private/login.ssi. Root cause: mani...

4CVSS6.8AI score0.0109EPSS
Web
CVE
CVE
added 2010/07/07 6:0 p.m.46 views

CVE-2010-2655

The vulnerability CVE-2010-2655 affects the IBM BladeCenter Advanced Management Module (AMM) firmware, BPET48L, and possibly earlier versions before 4.7 and 5.0. It is a directory traversal in private/file_management.php that allows remote authenticated users to list arbitrary directories and pot...

4CVSS7AI score0.02291EPSS
Web
CVE
CVE
added 2013/08/16 1:0 a.m.39 views

CVE-2013-4007

The CVE-2013-4007 entry concerns a Cross-Site Scripting (XSS) vulnerability in IBM BladeCenter’s Advanced Management Module (AMM), specifically in the adv_sw.php page. Affected firmware versions are BBET before BBET64G and BPET before BPET64G. The underlying issue allows a remote attacker to exec...

3.5CVSS5.8AI score0.00765EPSS
Web