CVE-2013-5423
https://notcve.org/view.php?id=CVE-2013-5423
IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. IBM Flex System Manager (FSM) 1.1 hasta 1.3 anterior a 1.3.2.0 permite a atacantes remotos enumerar cuentas de usuarios a través de vectores no especificados. • http://secunia.com/advisories/58948 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00278 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095891 http://www.securityfocus.com/bid/68370 https://exchange.xforce.ibmcloud.com/vulnerabilities/87485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4030
https://notcve.org/view.php?id=CVE-2013-4030
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic. Integrated Management Module (IMM) 2 1.00 hasta 2.00 de los servidores IBM System X y Flex System soporta conjuntos de cifrado SSL con claves cortas, lo que hace que sea más fácil para los atacantes remotos romper la proteccion criptografica de los mecanismos de de cifrado a través de (1) un ataque de fuerza bruta contra SSL o (2) El tráfico TLS. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301 https://exchange.xforce.ibmcloud.com/vulnerabilities/86068 • CWE-310: Cryptographic Issues •
CVE-2013-5438
https://notcve.org/view.php?id=CVE-2013-5438
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el servidor web de IBM Flex System Manager (FSM) 1.1.0 hasta 1.3 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores no especificados. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212 https://exchange.xforce.ibmcloud.com/vulnerabilities/87753 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5424
https://notcve.org/view.php?id=CVE-2013-5424
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account. IBM Flex System Manager (FSM) 1.3.0 permite a atacantes remotos evitar las restricciones de acceso previstos, y crear nuevas cuentas de usuario o ejecutar tareas, mediante el aprovechamiento de una contraseña caducada para la cuenta de nivel de sistema. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96952 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938 https://exchange.xforce.ibmcloud.com/vulnerabilities/87486 • CWE-264: Permissions, Privileges, and Access Controls •