Vulnerabilities > IBM > Bladecenter > ht
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-13 | CVE-2009-1290 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Advanced Management Module 1.36H Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script. | 6.8 |
2009-04-13 | CVE-2009-1289 | Information Exposure vulnerability in IBM Advanced Management Module and Bladecenter private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter. | 4.0 |
2009-04-13 | CVE-2009-1288 | Cross-Site Scripting vulnerability in IBM Advanced Management Module and Bladecenter Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager. | 4.3 |