PT-2009-3824 · Ibm · Ibm Bladecenter Advanced Management Module

Published

2009-04-13

Updated

2018-10-10

CVE-2009-1290

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM BladeCenter Advanced Management Module (AMM) (affected versions not specified)

Description The issue affects the web administration interface of the Advanced Management Module (AMM) on the IBM BladeCenter. It involves multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of administrators. This can be demonstrated by a power-off request to the "private/blade power action" script, which can be exploited to perform unauthorized actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2009-1290

Affected Products

Ibm Bladecenter Advanced Management Module

PT-2009-3824 · Ibm · Ibm Bladecenter Advanced Management Module

CVE-2009-1290

Weakness Enumeration

Related Identifiers

Affected Products

References · 8