Details of VAR-201308-0227

ID

VAR-201308-0227

CVE

CVE-2013-4031

TITLE

plural IBM Operates on server products Integrated Management Module Vulnerable to performing power actions

Trust: 0.8

sources: JVNDB: JVNDB-2013-003697

DESCRIPTION

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. System X3250 M4 is prone to a denial-of-service vulnerability

Trust: 1.98

sources: NVD: CVE-2013-4031 // JVNDB: JVNDB-2013-003697 // BID: 78033 // VULMON: CVE-2013-4031

AFFECTED PRODUCTS

vendor:	ibm	model:	bladecenter	scope:	eq	version:	hs22	Trust: 2.4
vendor:	ibm	model:	bladecenter	scope:	eq	version:	hs22v	Trust: 2.4
vendor:	ibm	model:	bladecenter	scope:	eq	version:	hs23	Trust: 2.4
vendor:	ibm	model:	bladecenter	scope:	eq	version:	hs23e	Trust: 2.4
vendor:	ibm	model:	bladecenter	scope:	eq	version:	hx5	Trust: 2.4
vendor:	ibm	model:	flex system x220 compute node	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	flex system x240 compute node	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	system x3200 m3	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	system x3100 m4	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	system x idataplex dx360 m4 server	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	system x3550 m2	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3550 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3250 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3530 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3500 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3650 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3500 m2	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3400 m2	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3550 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3620 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3630 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3250 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3850 x5	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3650 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3950 x5	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3400 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	flex system x440 compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3500 m3	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3650 m2	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3690 x5	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3630 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x idataplex dx360 m2 server	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x3750 m4	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system x idataplex dx360 m3 server	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	flex system x220 compute node	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system x240 compute node	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system x440 compute node	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x idataplex dx360 m2	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x idataplex dx360 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x idataplex dx360 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3100 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3200 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3250 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3250 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3400 m2	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3400 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3500 m2	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3500 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3500 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3530 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3550 m2	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3550 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3550 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3620 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3630 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3630 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3650 m2	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3650 m3	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3650 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3690 x5	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3750 m4	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3850 x5	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system x3950 x5	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system	scope:	eq	version:	x3950x5-	Trust: 0.3
vendor:	ibm	model:	system	scope:	eq	version:	x3850x5-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3750-	Trust: 0.3
vendor:	ibm	model:	system	scope:	eq	version:	x3690x5-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3650-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3650-	Trust: 0.3
vendor:	ibm	model:	system m2	scope:	eq	version:	x3650-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3630-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3630-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3620-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3550-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3550-	Trust: 0.3
vendor:	ibm	model:	system m2	scope:	eq	version:	x3550-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3530-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3500-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3500-	Trust: 0.3
vendor:	ibm	model:	system m2	scope:	eq	version:	x3500-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3400-	Trust: 0.3
vendor:	ibm	model:	system m2	scope:	eq	version:	x3400-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3250-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3250-	Trust: 0.3
vendor:	ibm	model:	system m3	scope:	eq	version:	x3200-	Trust: 0.3
vendor:	ibm	model:	system m4	scope:	eq	version:	x3100-	Trust: 0.3
vendor:	ibm	model:	system idataplex dx360 m4 server	scope:	eq	version:	x-	Trust: 0.3
vendor:	ibm	model:	system idataplex dx360 m3 server	scope:	eq	version:	x-	Trust: 0.3
vendor:	ibm	model:	system idataplex dx360 m2 server	scope:	eq	version:	x-	Trust: 0.3
vendor:	ibm	model:	flex system compute node	scope:	eq	version:	x440-	Trust: 0.3
vendor:	ibm	model:	flex system compute node	scope:	eq	version:	x240-	Trust: 0.3
vendor:	ibm	model:	flex system compute node	scope:	eq	version:	x220-	Trust: 0.3
vendor:	ibm	model:	bladecenter hx5	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	bladecenter hs23e	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	bladecenter hs23	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	bladecenter hs22v	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	bladecenter hs22	scope:	-	version:	-	Trust: 0.3

sources: BID: 78033 // JVNDB: JVNDB-2013-003697 // CNNVD: CNNVD-201308-142 // NVD: CVE-2013-4031

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-4031
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201308-142
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2013-4031
value:	HIGH
Trust: 0.1

VULMON:	CVE-2013-4031
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

sources: VULMON: CVE-2013-4031 // JVNDB: JVNDB-2013-003697 // CNNVD: CNNVD-201308-142 // NVD: CVE-2013-4031

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2013-003697 // NVD: CVE-2013-4031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-142

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201308-142

CONFIGURATIONS

sources: NVD: CVE-2013-4031

PATCH

title:

MIGR-5093463

url:

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463

Trust: 0.8

sources: JVNDB: JVNDB-2013-003697

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4031	Trust: 2.8
db:	XF	id:	86172	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-003697	Trust: 0.8
db:	XF	id:	20134031	Trust: 0.6
db:	CNNVD	id:	CNNVD-201308-142	Trust: 0.6
db:	BID	id:	78033	Trust: 0.3
db:	VULMON	id:	CVE-2013-4031	Trust: 0.1

sources: VULMON: CVE-2013-4031 // BID: 78033 // JVNDB: JVNDB-2013-003697 // CNNVD: CNNVD-201308-142 // NVD: CVE-2013-4031

REFERENCES

url:	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/86172	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/86172	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4031	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4031	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30356	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2013-4031 // BID: 78033 // JVNDB: JVNDB-2013-003697 // CNNVD: CNNVD-201308-142 // NVD: CVE-2013-4031

CREDITS

Unknown

Trust: 0.3

sources: BID: 78033

SOURCES

db:	VULMON	id:	CVE-2013-4031
db:	BID	id:	78033
db:	JVNDB	id:	JVNDB-2013-003697
db:	CNNVD	id:	CNNVD-201308-142
db:	NVD	id:	CVE-2013-4031

LAST UPDATE DATE

2022-05-04T10:27:21.327000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2013-4031	date:	2017-08-29T00:00:00
db:	BID	id:	78033	date:	2013-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-003697	date:	2013-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201308-142	date:	2013-08-14T00:00:00
db:	NVD	id:	CVE-2013-4031	date:	2017-08-29T01:33:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2013-4031	date:	2013-08-09T00:00:00
db:	BID	id:	78033	date:	2013-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-003697	date:	2013-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201308-142	date:	2013-08-14T00:00:00
db:	NVD	id:	CVE-2013-4031	date:	2013-08-09T23:55:00