CVE-2009-1290
IBM Bladecenter Advanced Management Module 1.42 - Cross-Site Request Forgery
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
Múltiples vulnerabilidades de falsificación de petición en sitios cruzados(CSRF) en la interfaz de administración web en el Módulo de Gestión Avanzada (AMM) en el IBM BladeCenter, incluidos los BladeCenter H con BPET36H 54, permiten a atacantes remotos realizar acciones no autorizadas como administradores, como lo demuestra una solicitud de apagado al script private/blade_power_action.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-04-09 First Exploit
- 2009-04-13 CVE Reserved
- 2009-04-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/53660 | Vdb Entry | |
| http://securitytracker.com/id?1022025 | Vdb Entry | |
| http://www.louhinetworks.fi/advisory/ibm_090409.txt | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/502582/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32896 | 2009-04-09 | |
| http://www.securityfocus.com/bid/34447 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | e Search vendor "Ibm" for product "Bladecenter" and version "e" | 1881 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | e Search vendor "Ibm" for product "Bladecenter" and version "e" | 7967 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | e Search vendor "Ibm" for product "Bladecenter" and version "e" | 8677 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | h Search vendor "Ibm" for product "Bladecenter" and version "h" | 7989 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | h Search vendor "Ibm" for product "Bladecenter" and version "h" | 8852 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hc10 Search vendor "Ibm" for product "Bladecenter" and version "hc10" | 7996 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs12 Search vendor "Ibm" for product "Bladecenter" and version "hs12" | 1916 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs12 Search vendor "Ibm" for product "Bladecenter" and version "hs12" | 8014 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs12 Search vendor "Ibm" for product "Bladecenter" and version "hs12" | 8028 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs20 Search vendor "Ibm" for product "Bladecenter" and version "hs20" | 1883 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21 Search vendor "Ibm" for product "Bladecenter" and version "hs21" | 1885 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21 Search vendor "Ibm" for product "Bladecenter" and version "hs21" | 8853 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21_xm Search vendor "Ibm" for product "Bladecenter" and version "hs21_xm" | 1915 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs21_xm Search vendor "Ibm" for product "Bladecenter" and version "hs21_xm" | 7995 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ht Search vendor "Ibm" for product "Bladecenter" and version "ht" | 8740 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ht Search vendor "Ibm" for product "Bladecenter" and version "ht" | 8750 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js12 Search vendor "Ibm" for product "Bladecenter" and version "js12" | 7998 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js21 Search vendor "Ibm" for product "Bladecenter" and version "js21" | 7988 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js21 Search vendor "Ibm" for product "Bladecenter" and version "js21" | 8844 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | js22 Search vendor "Ibm" for product "Bladecenter" and version "js22" | 7998 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ls20 Search vendor "Ibm" for product "Bladecenter" and version "ls20" | 8850 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ls21 Search vendor "Ibm" for product "Bladecenter" and version "ls21" | 7971 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | ls41 Search vendor "Ibm" for product "Bladecenter" and version "ls41" | 7972 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | qs21 Search vendor "Ibm" for product "Bladecenter" and version "qs21" | 0792 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | qs22 Search vendor "Ibm" for product "Bladecenter" and version "qs22" | 0793 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | s Search vendor "Ibm" for product "Bladecenter" and version "s" | 1948 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | s Search vendor "Ibm" for product "Bladecenter" and version "s" | 8886 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | t Search vendor "Ibm" for product "Bladecenter" and version "t" | 8720 |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | 1.36h Search vendor "Ibm" for product "Advanced Management Module" and version "1.36h" | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | t Search vendor "Ibm" for product "Bladecenter" and version "t" | 8730 |
Safe
|