CVE-2014-0860
https://notcve.org/view.php?id=CVE-2014-0860
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. El firmware anterior a 3.66E en IBM BladeCenter Advanced Management Module (AMM), el firmware anterior a 1.43 en IBM Integrated Management Module (IMM), y el firmware anterior a 4.15 en IBM Integrated Management Module II (IMM2) contiene los credenciales IPMI en texto claro, lo que permite a atacantes remotos ejecutar comandos IPMI arbitrarios, y como consecuencia establecer una sesión de control remoto blade, mediante el aprovechamiento del acceso a (1) el chassis internal network o (2) la interfaz 'Ethernet-over-USB'. • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840 https://exchange.xforce.ibmcloud.com/vulnerabilities/90880 • CWE-310: Cryptographic Issues •
CVE-2013-6718
https://notcve.org/view.php?id=CVE-2013-6718
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. Advanced Management Module (AMM) con firmware 3.64B, 3.64C, y 3.64G para sistemas IBM BladeCenter permite a atacantes remotos descubrir nombres de cuentas y contraseñas a través del uso de una interfaz no especificada. • http://osvdb.org/100397 http://secunia.com/advisories/55921 http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718 http://www.securityfocus.com/bid/64032 https://exchange.xforce.ibmcloud.com/vulnerabilities/89174 • CWE-310: Cryptographic Issues •
CVE-2009-3935
https://notcve.org/view.php?id=CVE-2009-3935
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en el firmware de Advanced Management Module, en versiones anteriores a la 2.50G, para el IBM BladeCenter T 8720-2xx y 8730-2xx tienen un impacto y unos vectores de ataque desconocidos. • ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg http://www.securityfocus.com/bid/36970 http://www.vupen.com/english/advisories/2009/3188 •