PT-2009-3824 · Ibm · Ibm Bladecenter Advanced Management Module
Publicado
2009-04-13
·
Atualizado
2018-10-10
·
CVE-2009-1290
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM BladeCenter Advanced Management Module (AMM) (affected versions not specified)
Description
The issue affects the web administration interface of the Advanced Management Module (AMM) on the IBM BladeCenter. It involves multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of administrators. This can be demonstrated by a power-off request to the "private/blade power action" script, which can be exploited to perform unauthorized actions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Bladecenter Advanced Management Module