Vulnerabilities > CVE-2013-4038 - Cryptographic Issues vulnerability in IBM products

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

CWE-310

NVD

Published: 2013-08-09

Updated: 2017-08-29

Summary

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.

Vulnerable Configurations

Part	Description	Count
Hardware	Ibm IBM Bladecenter Hs22 IBM Bladecenter Hs22V IBM Bladecenter Hs23 IBM Bladecenter Hs23E IBM Bladecenter Hx5 IBM Flex System X220 Compute Node - IBM Flex System X240 Compute Node - IBM Flex System X440 Compute Node - IBM System X3100 M4 - IBM System X3200 M3 - IBM System X3250 M3 - IBM System X3250 M4 - IBM System X3400 M2 - IBM System X3400 M3 - IBM System X3500 M2 - IBM System X3500 M3 - IBM System X3500 M4 - IBM System X3530 M4 - IBM System X3550 M2 - IBM System X3550 M3 - IBM System X3550 M4 - IBM System X3620 M3 - IBM System X3630 M3 - IBM System X3630 M4 - IBM System X3650 M2 - IBM System X3650 M3 - IBM System X3650 M4 - IBM System X3690 X5 - IBM System X3750 M4 - IBM System X3850 X5 - IBM System X3950 X5 - IBM System X Idataplex Dx360 M2 Server - IBM System X Idataplex Dx360 M3 Server - IBM System X Idataplex Dx360 M4 Server -	34

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References