CVE-2009-1289 — Sensitive Information Exposure in IBM Advanced Management Module

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 56.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Advanced Management Module IBM Bladecenter

Timeline

PublishedApr 13

Latest updateMay 2

Description

private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/advanced_management_module1.36h

▶NVDibm/bladecenter18 versions+17

🔴Vulnerability Details

GHSA

GHSA-7gjh-8xw7-vwcv: private/login↗2022-05-02

▶

CVEList

CVE-2009-1289: private/login↗2009-04-13

▶

📋Vendor Advisories

Red Hat

mysql: incomplete upstream fix for CVE-2008-2079↗2008-07-03

▶