CVE-2009-1288
IBM Bladecenter Advanced Management Module 1.42 - '/private/file_Management.ssi?PATH' Cross-Site Scripting
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Varias vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el "Advanced Management Module" (AMM) o módulo de gestión avanzada de BladeCenter de IBM, incluyendo el BladeCenter H con BPET36H 54. Permiten a usuarios remotos inyectar código web script o HTML de su elección a través de (1) el nombre de usuario en una acción de login o (2) el parámetro PATH de private/file_management.ssi en el gestor de ficheros.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-04-09 First Exploit
- 2009-04-13 CVE Reserved
- 2009-04-13 CVE Published
- 2023-07-17 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/53657 | Vdb Entry | |
| http://osvdb.org/53658 | Vdb Entry | |
| http://securitytracker.com/id?1022025 | Vdb Entry | |
| http://www.louhinetworks.fi/advisory/ibm_090409.txt | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/502582/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32895 | 2009-04-09 | |
| https://www.exploit-db.com/exploits/32894 | 2009-04-09 | |
| http://www.securityfocus.com/bid/34447 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | e Search vendor "Ibm" for product "Bladecenter" and version "e" | 1881 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | e Search vendor "Ibm" for product "Bladecenter" and version "e" | 7967 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | e Search vendor "Ibm" for product "Bladecenter" and version "e" | 8677 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | h Search vendor "Ibm" for product "Bladecenter" and version "h" | 7989 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | h Search vendor "Ibm" for product "Bladecenter" and version "h" | 8852 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hc10 Search vendor "Ibm" for product "Bladecenter" and version "hc10" | 7996 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs12 Search vendor "Ibm" for product "Bladecenter" and version "hs12" | 1916 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs12 Search vendor "Ibm" for product "Bladecenter" and version "hs12" | 8014 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs12 Search vendor "Ibm" for product "Bladecenter" and version "hs12" | 8028 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs20 Search vendor "Ibm" for product "Bladecenter" and version "hs20" | 1883 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21 Search vendor "Ibm" for product "Bladecenter" and version "hs21" | 1885 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21 Search vendor "Ibm" for product "Bladecenter" and version "hs21" | 8853 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21_xm Search vendor "Ibm" for product "Bladecenter" and version "hs21_xm" | 1915 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21_xm Search vendor "Ibm" for product "Bladecenter" and version "hs21_xm" | 7995 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ht Search vendor "Ibm" for product "Bladecenter" and version "ht" | 8740 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ht Search vendor "Ibm" for product "Bladecenter" and version "ht" | 8750 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js12 Search vendor "Ibm" for product "Bladecenter" and version "js12" | 7998 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js21 Search vendor "Ibm" for product "Bladecenter" and version "js21" | 7988 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js21 Search vendor "Ibm" for product "Bladecenter" and version "js21" | 8844 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js22 Search vendor "Ibm" for product "Bladecenter" and version "js22" | 7998 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ls20 Search vendor "Ibm" for product "Bladecenter" and version "ls20" | 8850 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ls21 Search vendor "Ibm" for product "Bladecenter" and version "ls21" | 7971 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ls41 Search vendor "Ibm" for product "Bladecenter" and version "ls41" | 7972 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | qs21 Search vendor "Ibm" for product "Bladecenter" and version "qs21" | 0792 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | qs22 Search vendor "Ibm" for product "Bladecenter" and version "qs22" | 0793 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | s Search vendor "Ibm" for product "Bladecenter" and version "s" | 1948 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | s Search vendor "Ibm" for product "Bladecenter" and version "s" | 8886 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | t Search vendor "Ibm" for product "Bladecenter" and version "t" | 8720 |
Affected
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | t Search vendor "Ibm" for product "Bladecenter" and version "t" | 8730 |
Affected
|