Details of VAR-200911-0144

ID

VAR-200911-0144

CVE

CVE-2009-3935

TITLE

IBM BladeCenter T For Advanced Management Module Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-005113

DESCRIPTION

Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors. The impact of these issues is currently unknown. We will update this BID when more information emerges. Versions prior to BladeCenter Advanced Management Module 2.50G are vulnerable. IBM BladeCenter is IBM's blade server

Trust: 1.98

sources: NVD: CVE-2009-3935 // JVNDB: JVNDB-2009-005113 // BID: 36970 // VULHUB: VHN-41381

AFFECTED PRODUCTS

vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.26e	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.26b	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.20f	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.36d	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.20	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.01	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.25e	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.25i	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.00	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.25	Trust: 1.6
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.48c	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.28g	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.42f	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.34e	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.42t	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.26i	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.34b	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.42i	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.42o	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.32d	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.42n	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.26h	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.36g	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.36h	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.36k	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.42d	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	lte	version:	2.50c	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.48g	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.48l	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	1.26k	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.46c	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.46j	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.48n	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	eq	version:	2.48d	Trust: 1.0
vendor:	ibm	model:	advanced management module	scope:	lt	version:	2.50g	Trust: 0.8
vendor:	ibm	model:	bladecenter t chassis	scope:	eq	version:	8730	Trust: 0.3
vendor:	ibm	model:	bladecenter t chassis	scope:	eq	version:	8720	Trust: 0.3
vendor:	ibm	model:	bladecenter ls41	scope:	eq	version:	7972	Trust: 0.3
vendor:	ibm	model:	bladecenter ls21	scope:	eq	version:	7971	Trust: 0.3
vendor:	ibm	model:	bladecenter ls20	scope:	eq	version:	8850	Trust: 0.3
vendor:	ibm	model:	bladecenter js21	scope:	eq	version:	8844	Trust: 0.3
vendor:	ibm	model:	bladecenter js21	scope:	eq	version:	7988	Trust: 0.3
vendor:	ibm	model:	bladecenter js20	scope:	eq	version:	8842	Trust: 0.3
vendor:	ibm	model:	bladecenter hs40	scope:	eq	version:	8839	Trust: 0.3
vendor:	ibm	model:	bladecenter hs21 xm	scope:	eq	version:	7995	Trust: 0.3
vendor:	ibm	model:	bladecenter hs21 xm	scope:	eq	version:	1915	Trust: 0.3
vendor:	ibm	model:	bladecenter hs21	scope:	eq	version:	8853	Trust: 0.3
vendor:	ibm	model:	bladecenter hs21	scope:	eq	version:	7995	Trust: 0.3
vendor:	ibm	model:	bladecenter hs21	scope:	eq	version:	1885	Trust: 0.3
vendor:	ibm	model:	bladecenter hs20	scope:	eq	version:	8843	Trust: 0.3
vendor:	ibm	model:	bladecenter hs20	scope:	eq	version:	8832	Trust: 0.3
vendor:	ibm	model:	bladecenter hs20	scope:	eq	version:	8678	Trust: 0.3
vendor:	ibm	model:	bladecenter hs20	scope:	eq	version:	7981	Trust: 0.3
vendor:	ibm	model:	bladecenter hs20	scope:	eq	version:	1884	Trust: 0.3
vendor:	ibm	model:	bladecenter hs20	scope:	eq	version:	1883	Trust: 0.3
vendor:	ibm	model:	bladecenter hs12	scope:	eq	version:	8028	Trust: 0.3
vendor:	ibm	model:	bladecenter hs12	scope:	eq	version:	8014	Trust: 0.3
vendor:	ibm	model:	bladecenter hs12	scope:	eq	version:	1916	Trust: 0.3
vendor:	ibm	model:	bladecenter advanced management module	scope:	eq	version:	2.50	Trust: 0.3
vendor:	ibm	model:	bladecenter advanced management module 1.42u build bpet42u	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	bladecenter advanced management module 1.42u build bbet42u	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	bladecenter advanced management module	scope:	eq	version:	1.42	Trust: 0.3
vendor:	ibm	model:	bladecenter advanced management module g	scope:	ne	version:	2.50	Trust: 0.3

sources: BID: 36970 // JVNDB: JVNDB-2009-005113 // CNNVD: CNNVD-200911-142 // NVD: CVE-2009-3935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-3935
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-3935
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200911-142
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-41381
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-3935
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-41381
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-41381 // JVNDB: JVNDB-2009-005113 // CNNVD: CNNVD-200911-142 // NVD: CVE-2009-3935

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-3935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200911-142

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200911-142

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005113

PATCH

title:

Advanced Management Module Firmware Update

url:

ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg

Trust: 0.8

sources: JVNDB: JVNDB-2009-005113

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3935	Trust: 2.5
db:	BID	id:	36970	Trust: 2.0
db:	VUPEN	id:	ADV-2009-3188	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-005113	Trust: 0.8
db:	CNNVD	id:	CNNVD-200911-142	Trust: 0.7
db:	VULHUB	id:	VHN-41381	Trust: 0.1

sources: VULHUB: VHN-41381 // BID: 36970 // JVNDB: JVNDB-2009-005113 // CNNVD: CNNVD-200911-142 // NVD: CVE-2009-3935

REFERENCES

url:	ftp://download2.boulder.ibm.com/ecc/sar/cma/xsa/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg	Trust: 2.0
url:	http://www.securityfocus.com/bid/36970	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3188	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3935	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3935	Trust: 0.8
url:	http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm16.install.doc/am7il_blademm.html	Trust: 0.3

sources: VULHUB: VHN-41381 // BID: 36970 // JVNDB: JVNDB-2009-005113 // CNNVD: CNNVD-200911-142 // NVD: CVE-2009-3935

CREDITS

IBM

Trust: 0.9

sources: BID: 36970 // CNNVD: CNNVD-200911-142

SOURCES

db:	VULHUB	id:	VHN-41381
db:	BID	id:	36970
db:	JVNDB	id:	JVNDB-2009-005113
db:	CNNVD	id:	CNNVD-200911-142
db:	NVD	id:	CVE-2009-3935

LAST UPDATE DATE

2024-11-23T23:06:37.378000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-41381	date:	2010-01-06T00:00:00
db:	BID	id:	36970	date:	2009-11-12T20:06:00
db:	JVNDB	id:	JVNDB-2009-005113	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200911-142	date:	2009-11-12T00:00:00
db:	NVD	id:	CVE-2009-3935	date:	2024-11-21T01:08:33.093

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-41381	date:	2009-11-12T00:00:00
db:	BID	id:	36970	date:	2009-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2009-005113	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200911-142	date:	2009-11-12T00:00:00
db:	NVD	id:	CVE-2009-3935	date:	2009-11-12T17:54:58.610