CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8232
https://notcve.org/view.php?id=CVE-2016-8232
01 Mar 2017 — Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. Vulnerabilidad de XSS basada en Document Object Model-(DOM) en Advanced Management Module (AMM) versiones anteriores ... • http://www.securityfocus.com/bid/95839 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2014-4752
https://notcve.org/view.php?id=CVE-2014-4752
23 Sep 2014 — IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; an... • http://secunia.com/advisories/54512 •
CVSS: 5.9EPSS: 0%CPEs: 33EXPL: 0CVE-2013-4030
https://notcve.org/view.php?id=CVE-2013-4030
21 Jan 2014 — Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea más fácil para los atacantes remotos romper la protec... • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 1CVE-2013-4007 – IBM Advanced Management Module Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-4007
12 Aug 2013 — Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en adv_sw.php en Advanced Management Module (AMM) con firmware BBET anterior a BBET64G y BPET anterior a BPET64G para sistemas IBM BladeCenter, permite a atacantes remotos inyectar web scripts arbitrar... • https://packetstorm.news/files/id/122786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 34EXPL: 0CVE-2013-4031
https://notcve.org/view.php?id=CVE-2013-4031
09 Aug 2013 — The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. La implementación Intelligent Platform Management Interface (IPMI) en Integrated Manageme... • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 34EXPL: 0CVE-2013-4037
https://notcve.org/view.php?id=CVE-2013-4037
09 Aug 2013 — The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. El protocolo RAKP soportado en la implementación Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IM... • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2013-4038
https://notcve.org/view.php?id=CVE-2013-4038
09 Aug 2013 — The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file. La implementación Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x ... • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 3%CPEs: 40EXPL: 4CVE-2010-2654 – IBM Bladecenter Management - Multiple Web Application Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2654
07 Jul 2010 — Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_... • https://www.exploit-db.com/exploits/14237 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 19%CPEs: 38EXPL: 4CVE-2010-2655 – IBM Bladecenter Management - Multiple Web Application Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2655
07 Jul 2010 — Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter. Vulnerabilidad de salto de directorio en private/file_management.php en el BladeCenter de IBM con el Advanced Management Module (AMM) firmware build ID BPET48L, y ... • https://www.exploit-db.com/exploits/14237 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 17%CPEs: 38EXPL: 4CVE-2010-2656 – IBM Bladecenter Management - Multiple Web Application Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2656
07 Jul 2010 — The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz. El BladeCenter de IBM con Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones anteriores a v4.7 y v5.0, almacena infor... • https://www.exploit-db.com/exploits/14237 • CWE-264: Permissions, Privileges, and Access Controls •