CVE-2013-5438
https://notcve.org/view.php?id=CVE-2013-5438
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el servidor web de IBM Flex System Manager (FSM) 1.1.0 hasta 1.3 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores no especificados. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212 https://exchange.xforce.ibmcloud.com/vulnerabilities/87753 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5424
https://notcve.org/view.php?id=CVE-2013-5424
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account. IBM Flex System Manager (FSM) 1.3.0 permite a atacantes remotos evitar las restricciones de acceso previstos, y crear nuevas cuentas de usuario o ejecutar tareas, mediante el aprovechamiento de una contraseña caducada para la cuenta de nivel de sistema. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96952 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938 https://exchange.xforce.ibmcloud.com/vulnerabilities/87486 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4031
https://notcve.org/view.php?id=CVE-2013-4031
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. La implementación Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3### tiene una contraseña predeterminada para una cuenta de usuario IPMI, lo que hace más fácil para los atacantes remotos realizar el encendido, apagado, reinicio, o añadir o modificar las cuentas, a través de vectores no especificados. • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 https://exchange.xforce.ibmcloud.com/vulnerabilities/86172 • CWE-255: Credentials Management Errors •
CVE-2013-4038
https://notcve.org/view.php?id=CVE-2013-4038
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file. La implementación Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, y System x3###, utiliza texto claro para el almacenamiento de contraseñas, lo que permite a atacantes, según el contexto, obtener información confidencial mediante la lectura de un archivo. • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 https://exchange.xforce.ibmcloud.com/vulnerabilities/86174 • CWE-310: Cryptographic Issues •
CVE-2013-4037
https://notcve.org/view.php?id=CVE-2013-4037
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. El protocolo RAKP soportado en la implementación Intelligent Platform Management Interface (IPMI) en Integrated Management Module (IMM) y Integrated Management Module II (IMM2) en servidores IBM BladeCenter, Flex System, System x iDataPlex, and System x3###, envía una contraseña hash al cliente, lo que hace que sea más fácil para los atacantes remotos obtener acceso a través de un ataque de fuerza bruta. • http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 https://exchange.xforce.ibmcloud.com/vulnerabilities/86173 •