IBM Advanced Management Module vulnerabilities
8 known vulnerabilities affecting ibm/advanced_management_module.
Total CVEs: 8
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: MEDIUM 7, LOW 1
Vulnerabilities
CVE-2013-4007 | LOW | CVSS 3.5 | CWE-79 | ≤ 2.48, ≤ 3.54, +14 more | 2013-08-16
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2010-2656 | MEDIUM | CVSS 5.0 | PoC | CWE-264 | ≤ 2.48, v1.00, +12 more | 2010-07-08
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz
nvd
CVE-2010-2655 | MEDIUM | CVSS 4.0 | PoC | CWE-22 | ≤ 2.48, v1.00, +12 more | 2010-07-08
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
nvd
CVE-2010-2654 | MEDIUM | CVSS 4.3 | PoC | CWE-79 | ≤ 2.48, ≤ 3.54, +14 more | 2010-07-08
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/pow
nvd
CVE-2010-1460 | MEDIUM | CVSS 5.0 | PoC | CWE-399 | ≤ 2.50, v1.00, +11 more | 2010-04-16
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
nvd
CVE-2009-1289 | MEDIUM | CVSS 4.0 | CWE-200 | v1.36h | 2009-04-13
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
nvd
CVE-2009-1288 | MEDIUM | CVSS 4.3 | PoC | CWE-79 | v1.36h | 2009-04-13
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
nvd
CVE-2009-1290 | MEDIUM | CVSS 6.8 | PoC | CWE-352 | v1.36h | 2009-04-13
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action scrip
nvd