Sign-up

ID

VAR-201312-0461


CVE

CVE-2013-6718


TITLE

IBM BladeCenter For system Advanced Management Module Vulnerabilities in the acquisition of account names and passwords in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-005333

DESCRIPTION

The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. Little is known about this issue or its effects at this time. We will update this BID as more information emerges

Trust: 1.98

sources: NVD: CVE-2013-6718 // JVNDB: JVNDB-2013-005333 // BID: 64032 // VULHUB: VHN-66720

AFFECTED PRODUCTS

vendor:ibmmodel:advanced management modulescope:eqversion:3.64

Trust: 1.6

vendor:ibmmodel:bladecenter management modulescope:eqversion:3.64b

Trust: 0.8

vendor:ibmmodel:bladecenter management modulescope:eqversion:3.64c

Trust: 0.8

vendor:ibmmodel:bladecenter management modulescope:eqversion:3.64g

Trust: 0.8

vendor:ibmmodel:bladecenter advanced management module 3.64gscope: - version: -

Trust: 0.3

vendor:ibmmodel:bladecenter advanced management module 3.64cscope: - version: -

Trust: 0.3

vendor:ibmmodel:bladecenter advanced management module 3.64bscope: - version: -

Trust: 0.3

sources: BID: 64032 // JVNDB: JVNDB-2013-005333 // CNNVD: CNNVD-201312-002 // NVD: CVE-2013-6718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6718
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6718
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-002
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66720
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6718
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66720
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66720 // JVNDB: JVNDB-2013-005333 // CNNVD: CNNVD-201312-002 // NVD: CVE-2013-6718

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-66720 // JVNDB: JVNDB-2013-005333 // NVD: CVE-2013-6718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-002

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201312-002

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005333

PATCH
title:IBM BladeCenter Advanced Management Module Account Information Exposure (CVE-2013-6718)url:https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718?lang=ja
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005333

EXTERNAL IDS
db:NVDid:CVE-2013-6718
Trust: 2.8
db:BIDid:64032
Trust: 1.4
db:SECUNIAid:55921
Trust: 1.1
db:OSVDBid:100397
Trust: 1.1
db:JVNDBid:JVNDB-2013-005333
Trust: 0.8
db:CNNVDid:CNNVD-201312-002
Trust: 0.7
db:XFid:20136718
Trust: 0.6
db:XFid:89174
Trust: 0.6
db:VULHUBid:VHN-66720
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66720 // 
            
            
            
            BID: 64032 // 
            
            
            
            JVNDB: JVNDB-2013-005333 // 
            
            
            
            CNNVD: CNNVD-201312-002 // 
            
            
            
            NVD: CVE-2013-6718

REFERENCES
url:http://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718
Trust: 1.7
url:http://www.securityfocus.com/bid/64032
Trust: 1.1
url:http://osvdb.org/100397
Trust: 1.1
url:http://secunia.com/advisories/55921
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89174
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6718
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6718
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/89174
Trust: 0.6
url:http://www14.software.ibm.com/webapp/download/demo.jsp?id=ibm+bladecenter+advanced+management+module+nov06&locale=en
Trust: 0.3
url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718?lang=en_us
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66720 // 
            
            
            
            BID: 64032 // 
            
            
            
            JVNDB: JVNDB-2013-005333 // 
            
            
            
            CNNVD: CNNVD-201312-002 // 
            
            
            
            NVD: CVE-2013-6718

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 64032

SOURCES
db:VULHUBid:VHN-66720
db:BIDid:64032
db:JVNDBid:JVNDB-2013-005333
db:CNNVDid:CNNVD-201312-002
db:NVDid:CVE-2013-6718

LAST UPDATE DATE
2024-11-23T22:23:12.200000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66720date:2017-08-29T00:00:00
db:BIDid:64032date:2013-11-29T00:00:00
db:JVNDBid:JVNDB-2013-005333date:2013-12-03T00:00:00
db:CNNVDid:CNNVD-201312-002date:2013-12-06T00:00:00
db:NVDid:CVE-2013-6718date:2024-11-21T01:59:36.503

SOURCES RELEASE DATE
db:VULHUBid:VHN-66720date:2013-12-01T00:00:00
db:BIDid:64032date:2013-11-29T00:00:00
db:JVNDBid:JVNDB-2013-005333date:2013-12-03T00:00:00
db:CNNVDid:CNNVD-201312-002date:2013-12-06T00:00:00
db:NVDid:CVE-2013-6718date:2013-12-01T04:31:49.707