CVE-2013-4038 : The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCe

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.

Published 2013-08-09 23:55:03

Updated 2017-08-29 01:33:34

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-4038

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-4038

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-4038

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4038

https://exchange.xforce.ibmcloud.com/vulnerabilities/86174

IBM Integrated Management Module IPMI cleartext passwords CVE-2013-4038 Vulnerability Report
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463

IBM Security Bulletin: Risks of Using the Intelligent Platform Management Interface (IPMI) on the Integrated Management Module (IMM) and Integrated Management Module II (IMM2) (CVE-2013-4038, CVE-2013
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2013-4038

IBM » Bladecenter » Version: Hs22
cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs23e
cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: HX5
cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs22v
cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs23
cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*
Matching versions
IBM » Flex System X220 Compute Node » Version: N/A
cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*
Matching versions
IBM » Flex System X240 Compute Node » Version: N/A
cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*
Matching versions
IBM » Flex System X440 Compute Node » Version: N/A
cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*
Matching versions
IBM » System X Idataplex Dx360 M2 Server » Version: N/A
cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*
Matching versions
IBM » System X Idataplex Dx360 M3 Server » Version: N/A
cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*
Matching versions
IBM » System X Idataplex Dx360 M4 Server » Version: N/A
cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3100 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3200 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3250 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3250 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3400 M2 » Version: N/A
cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3400 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3500 M2 » Version: N/A
cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3500 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3500 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3530 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3550 M2 » Version: N/A
cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3550 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3550 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3620 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3630 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3630 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3650 M3 » Version: N/A
cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3650 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3650 M2 » Version: N/A
cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3690 X5 » Version: N/A
cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3750 M4 » Version: N/A
cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3850 X5 » Version: N/A
cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*
Matching versions
IBM » System X3950 X5 » Version: N/A
cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-4038

Exploit prediction scoring system (EPSS) score for CVE-2013-4038

CVSS scores for CVE-2013-4038

CWE ids for CVE-2013-4038

References for CVE-2013-4038

Products affected by CVE-2013-4038