9 matches found
CVE-2009-1288
The CVE-2009-1288 entry describes multiple cross-site scripting (XSS) vulnerabilities in IBM BladeCenter’s Advanced Management Module (AMM), including the BladeCenter H with BPET36H 54. The issues allow remote attackers to inject arbitrary web script or HTML via the username field during login or...
CVE-2014-0860
The CVE-2014-0860 issue affects IBM BladeCenter components: AMM firmware before 3.66E, IMM firmware before 1.43, and IMM2 firmware before 4.15. The root cause is that administrative IPMI credentials are stored in plaintext within the firmware binaries, allowing an attacker with access to the chas...
CVE-2009-1290
The CVE-2009-1290 entry documents CSRF vulnerabilities in the IBM BladeCenter AMM web administration interface (including BladeCenter H with BPET36H 54). The underlying issue is cross-site request forgery that can enable remote attackers to hijack administrator authentication, demonstrated by a p...
CVE-2010-1460
The vulnerability CVE-2010-1460 affects the IBM BladeCenter AMM firmware prior to bpet50g. The issue is improper interrupt sharing for USB and iSCSI, allowing remote attackers to cause a denial of service resulting in a management module reboot via TCP packets containing malformed application dat...
CVE-2010-2656
CVE-2010-2656 affects IBM BladeCenter AMM firmware BPET48L (and possibly earlier 4.7/5.0). The issue: sensitive data is stored under the web root with insufficient access control, enabling remote attackers to download sensitive files (e.g., logs or core files) via direct requests, demonstrated by...
CVE-2010-2654
CVE-2010-2654 affects IBM BladeCenter with AMM firmware BPET48L (and possibly earlier versions before 4.7 and 5.0). The vulnerability involves multiple reflected cross-site scripting (XSS) flaws in web interfaces, enabling remote attackers to inject arbitrary script/HTML via parameters in several...
CVE-2009-1289
CVE-2009-1289 affects the IBM BladeCenter Advanced Management Module (AMM), including BladeCenter H with BPET36H 54. The issue allows remote attackers to discover the access roles and scopes of arbitrary user accounts by sending a modified WEBINDEX parameter to private/login.ssi. Root cause: mani...
CVE-2010-2655
The vulnerability CVE-2010-2655 affects the IBM BladeCenter Advanced Management Module (AMM) firmware, BPET48L, and possibly earlier versions before 4.7 and 5.0. It is a directory traversal in private/file_management.php that allows remote authenticated users to list arbitrary directories and pot...
CVE-2013-4007
The CVE-2013-4007 entry concerns a Cross-Site Scripting (XSS) vulnerability in IBM BladeCenter’s Advanced Management Module (AMM), specifically in the adv_sw.php page. Affected firmware versions are BBET before BBET64G and BPET before BPET64G. The underlying issue allows a remote attacker to exec...