ID
VAR-201308-0229
CVE
CVE-2013-4037
TITLE
plural IBM Operates on server products Integrated Management Module Vulnerabilities that gain access
Trust: 0.8
DESCRIPTION
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. Intelligent Platform Management Interface is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions on the affected computer. This may aid in further attacks
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | ibm | model: | bladecenter | scope: | eq | version: | hs22 | Trust: 1.8 |
| vendor: | ibm | model: | bladecenter | scope: | eq | version: | hs22v | Trust: 1.8 |
| vendor: | ibm | model: | bladecenter | scope: | eq | version: | hs23 | Trust: 1.8 |
| vendor: | ibm | model: | bladecenter | scope: | eq | version: | hs23e | Trust: 1.8 |
| vendor: | ibm | model: | bladecenter | scope: | eq | version: | hx5 | Trust: 1.8 |
| vendor: | ibm | model: | system x3530 m4 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3500 m4 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3400 m2 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3500 m2 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3550 m2 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3400 m3 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3550 m4 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3550 m3 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3500 m3 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x3250 m4 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | ibm | model: | system x idataplex dx360 m4 server | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | flex system x240 compute node | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3250 m3 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3650 m3 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | flex system x220 compute node | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3620 m3 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3630 m3 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3650 m4 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | flex system x440 compute node | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3650 m2 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3690 x5 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3630 m4 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3100 m4 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3200 m3 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x idataplex dx360 m2 server | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3850 x5 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3950 x5 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x3750 m4 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | system x idataplex dx360 m3 server | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ibm | model: | flex system x220 compute node | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | flex system x240 compute node | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | flex system x440 compute node | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x idataplex dx360 m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x idataplex dx360 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x idataplex dx360 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3100 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3200 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3250 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3250 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3400 m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3400 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3500 m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3500 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3500 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3530 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3550 m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3550 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3550 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3620 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3630 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3630 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3650 m2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3650 m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3650 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3690 x5 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3750 m4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3850 x5 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | system x3950 x5 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | intel | model: | intelligent platform management interface | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | ibm | model: | system | scope: | eq | version: | x3950x5 | Trust: 0.3 |
| vendor: | ibm | model: | system | scope: | eq | version: | x3850x5 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3750 | Trust: 0.3 |
| vendor: | ibm | model: | system | scope: | eq | version: | x3690x5 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3650 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3650 | Trust: 0.3 |
| vendor: | ibm | model: | system m2 | scope: | eq | version: | x3650 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3630 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3630 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3620 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3550 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3550 | Trust: 0.3 |
| vendor: | ibm | model: | system m2 | scope: | eq | version: | x3550 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3530 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3500 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3500 | Trust: 0.3 |
| vendor: | ibm | model: | system m2 | scope: | eq | version: | x3500 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3400 | Trust: 0.3 |
| vendor: | ibm | model: | system m2 | scope: | eq | version: | x3400 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3250 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3250 | Trust: 0.3 |
| vendor: | ibm | model: | system m3 | scope: | eq | version: | x3200 | Trust: 0.3 |
| vendor: | ibm | model: | system m4 | scope: | eq | version: | x3100 | Trust: 0.3 |
| vendor: | ibm | model: | system idataplex dx360 m4 | scope: | eq | version: | x | Trust: 0.3 |
| vendor: | ibm | model: | system idataplex dx360 m3 | scope: | eq | version: | x | Trust: 0.3 |
| vendor: | ibm | model: | system idataplex dx360 m2 | scope: | eq | version: | x | Trust: 0.3 |
| vendor: | ibm | model: | integrated management module | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | ibm | model: | flex system compute node | scope: | eq | version: | x440 | Trust: 0.3 |
| vendor: | ibm | model: | flex system compute node | scope: | eq | version: | x240 | Trust: 0.3 |
| vendor: | ibm | model: | flex system compute node | scope: | eq | version: | x220 | Trust: 0.3 |
| vendor: | ibm | model: | bladecenter hx5 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | ibm | model: | bladecenter hs23e | scope: | - | version: | - | Trust: 0.3 |
| vendor: | ibm | model: | bladecenter hs23 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | ibm | model: | bladecenter hs22v | scope: | - | version: | - | Trust: 0.3 |
| vendor: | ibm | model: | bladecenter hs22 | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.3
CONFIGURATIONS
PATCH
| title: | MIGR-5093463 | url: | http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-4037 | Trust: 2.7 |
| db: | JVNDB | id: | JVNDB-2013-003698 | Trust: 0.8 |
| db: | XF | id: | 86173 | Trust: 0.6 |
| db: | XF | id: | 20134037 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201308-143 | Trust: 0.6 |
| db: | BID | id: | 61884 | Trust: 0.3 |
REFERENCES
| url: | http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463 | Trust: 1.6 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/86173 | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4037 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4037 | Trust: 0.8 |
| url: | http://xforce.iss.net/xforce/xfdb/86173 | Trust: 0.6 |
| url: | http://www.ibm.com/ | Trust: 0.3 |
| url: | http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093463 | Trust: 0.3 |
CREDITS
IBM
Trust: 0.3
SOURCES
| db: | BID | id: | 61884 |
| db: | JVNDB | id: | JVNDB-2013-003698 |
| db: | CNNVD | id: | CNNVD-201308-143 |
| db: | NVD | id: | CVE-2013-4037 |
LAST UPDATE DATE
2022-05-04T08:57:48.057000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 61884 | date: | 2013-08-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-003698 | date: | 2013-08-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201308-143 | date: | 2013-08-16T00:00:00 |
| db: | NVD | id: | CVE-2013-4037 | date: | 2017-08-29T01:33:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 61884 | date: | 2013-08-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-003698 | date: | 2013-08-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201308-143 | date: | 2013-08-13T00:00:00 |
| db: | NVD | id: | CVE-2013-4037 | date: | 2013-08-09T23:55:00 |