4

CVE-2009-1289

Exploit

private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.

Data is provided by the National Vulnerability Database (NVD)
IbmAdvanced Management Module Version1.36h
IbmBladecenter Versione Edition1881
IbmBladecenter Versione Edition7967
IbmBladecenter Versione Edition8677
IbmBladecenter Versionh Edition7989
IbmBladecenter Versionh Edition8852
IbmBladecenter Versionhc10 Edition7996
IbmBladecenter Versionhs12 Edition1916
IbmBladecenter Versionhs12 Edition8014
IbmBladecenter Versionhs12 Edition8028
IbmBladecenter Versionhs20 Edition1883
IbmBladecenter Versionhs21 Edition1885
IbmBladecenter Versionhs21 Edition8853
IbmBladecenter Versionhs21_xm Edition1915
IbmBladecenter Versionhs21_xm Edition7995
IbmBladecenter Versionht Edition8740
IbmBladecenter Versionht Edition8750
IbmBladecenter Versionjs12 Edition7998
IbmBladecenter Versionjs21 Edition7988
IbmBladecenter Versionjs21 Edition8844
IbmBladecenter Versionjs22 Edition7998
IbmBladecenter Versionls20 Edition8850
IbmBladecenter Versionls21 Edition7971
IbmBladecenter Versionls41 Edition7972
IbmBladecenter Versionqs21 Edition0792
IbmBladecenter Versionqs22 Edition0793
IbmBladecenter Versions Edition1948
IbmBladecenter Versions Edition8886
IbmBladecenter Versiont Edition8720
IbmBladecenter Versiont Edition8730
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.21% 0.402
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.