Ibm Bladecenter vulnerabilities

CVE-2013-4030 [MEDIUM] CWE-310 CVE-2013-4030: Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers suppo Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

CVE-2013-4031 [CRITICAL] CWE-255 CVE-2013-4031: The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off,

CVE-2013-4037 [MEDIUM] CVE-2013-4037: The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a bru

CVE-2013-4038 [MEDIUM] CWE-310 CVE-2013-4038: The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.

CVE-2009-1289 [MEDIUM] CWE-200 CVE-2009-1289: private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the Blad private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.

CVE-2009-1288 [MEDIUM] CWE-79 CVE-2009-1288: Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the I Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.