IBM » Advanced Management Module : Security Vulnerabilities, CVEs,
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
Max CVSS
6.8
EPSS Score
0.52%
Published
2009-04-13
Updated
2018-10-10
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Max CVSS
4.3
EPSS Score
0.24%
Published
2009-04-13
Updated
2018-10-10
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
Max CVSS
4.0
EPSS Score
2.69%
Published
2009-04-13
Updated
2018-10-10
3 vulnerabilities found