ID

VAR-201212-0270


CVE

CVE-2012-4838


TITLE

IBM Flex System CMM and IMM2 vulnerability allowing sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-005680

DESCRIPTION

IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity. IBM Flex System is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

The following products are vulnerable:

IBM Flex System CMM version 1.00.0
IBM Flex System CMM version 1.20.2
IBM Flex System IMM2 version 1.34
IBM Flex System IMM2 version 1.45
IBM Flex System IMM2 version 1.60

Trust: 1.89

sources: NVD: CVE-2012-4838 // JVNDB: JVNDB-2012-005680 // BID: 56850

AFFECTED PRODUCTS

vendor: ibm, model: flex system chassis management module, scope: eq, version: -

Trust: 1.0

vendor: ibm, model: integrated management module ii, scope: eq, version: -

Trust: 1.0

vendor: ibm, model: flex system chassis management module, scope: -, version: -

Trust: 0.8

vendor: ibm, model: flex system integrated management module, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2012-005680 // NVD: CVE-2012-4838

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-4838
value: LOW

Trust: 1.0

NVD: CVE-2012-4838
value: LOW

Trust: 0.8

CNNVD: CNNVD-201212-109
value: LOW

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2012-4838
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-005680 // CNNVD: CNNVD-201212-109 // NVD: CVE-2012-4838

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2012-005680 // NVD: CVE-2012-4838

THREAT TYPE

local

Trust: 0.9

sources: BID: 56850 // CNNVD: CNNVD-201212-109

TYPE

Design Error

Trust: 0.3

sources: BID: 56850

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005680

PATCH

title: Security Bulletin: Buffer overrun vulnerability when executing unspecified SQL statements in IBM Informix (CVE-2012-4857)
url: https://www.ibm.com/connections/blogs/PSIRT/entry/flex_system_chassis_management_module_cmm_and_integrated_management_module_2_imm2_potential_security_vulnerability_with_authentication_data_cve_2012_4838_ibm_flex_system8

Trust: 0.8

title: ibm_fw_cmm_2pet10k_anyos_noarch
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45330

Trust: 0.6

sources: JVNDB: JVNDB-2012-005680 // CNNVD: CNNVD-201212-109

EXTERNAL IDS

db: NVD, id: CVE-2012-4838

Trust: 2.7

db: JVNDB, id: JVNDB-2012-005680

Trust: 0.8

db: CNNVD, id: CNNVD-201212-109

Trust: 0.6

db: BID, id: 56850

Trust: 0.3

sources: BID: 56850 // JVNDB: JVNDB-2012-005680 // CNNVD: CNNVD-201212-109 // NVD: CVE-2012-4838

REFERENCES

url:https://www.ibm.com/connections/blogs/psirt/entry/flex_system_chassis_management_module_cmm_and_integrated_management_module_2_imm2_potential_security_vulnerability_with_authentication_data_cve_2012_4838_ibm_flex_system8

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/79020

Trust: 1.6

url:https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=migr-5092001

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4838

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4838

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

sources: BID: 56850 // JVNDB: JVNDB-2012-005680 // CNNVD: CNNVD-201212-109 // NVD: CVE-2012-4838

CREDITS

IBM

Trust: 0.3

sources: BID: 56850

SOURCES

db: BID, id: 56850
db: JVNDB, id: JVNDB-2012-005680
db: CNNVD, id: CNNVD-201212-109
db: NVD, id: CVE-2012-4838

LAST UPDATE DATE

2024-11-23T23:10:00.612000+00:00


SOURCES UPDATE DATE

db: BID, id: 56850, date: 2012-12-07T00:00:00
db: JVNDB, id: JVNDB-2012-005680, date: 2012-12-12T00:00:00
db: CNNVD, id: CNNVD-201212-109, date: 2021-11-09T00:00:00
db: NVD, id: CVE-2012-4838, date: 2024-11-21T01:43:35.543

SOURCES RELEASE DATE

db: BID, id: 56850, date: 2012-12-07T00:00:00
db: JVNDB, id: JVNDB-2012-005680, date: 2012-12-12T00:00:00
db: CNNVD, id: CNNVD-201212-109, date: 2012-12-10T00:00:00
db: NVD, id: CVE-2012-4838, date: 2012-12-08T15:55:01.103