5 matches found
CVE-2013-5424
The IBM Security Bulletin confirms CVE-2013-5424 affects IBM Flex System Manager (FSM) 1.3.0, where an expired password for the system-level USERID lets an attacker bypass access controls and create rogue accounts or execute tasks. Affected product/version: FSM 1.3.0. Root cause: expired system-l...
CVE-2013-5438
IBM Flex System Manager (FSM) web server versions 1.1.0–1.3 are affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary HTML/JavaScript via unsanitized input. The IBM bulletin notes a CVSS base score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) and lists aff...
CVE-2014-0897
The CVE-2014-0897 entry concerns IBM Flex System Manager (FSM) and its Configuration Patterns component. The issue is that FSM versions 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x use a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation. This weak cryptographi...
CVE-2013-5423
Summary: CVE-2013-5423 affects IBM Flex System Manager (FSM) and IBM Systems Director in related advisories. The vulnerability allows an unauthenticated or unauthorized attacker to enumerate the list of user accounts in FSM/ISD, which could facilitate brute-force or unauthorized access attempts. ...
CVE-2014-6147
CVE-2014-6147 affects IBM Flex System Manager (FSM) versions 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.x, 1.3.1.x, and 1.3.2.0. An authenticated user can obtain sensitive data and use it to escalate privileges or impersonate other users via unspecified vectors. IBM’s advisory notes remediation via code up...