Unrated severityNVD Advisory· Published Aug 9, 2013· Updated Apr 29, 2026

CVE-2013-4037

Description

The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.

Affected products

IBM/Bladecenter5 versions
cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*
IBM/Flex System X220 Compute Node
cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:*
IBM/Flex System X240 Compute Node
cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:*
IBM/Flex System X440 Compute Node
cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:*
IBM/System X Idataplex Dx360 M2 Server
cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:*
IBM/System X Idataplex Dx360 M3 Server
cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:*
IBM/System X Idataplex Dx360 M4 Server
cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:*
IBM/System X3100 M4
cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:*
IBM/System X3200 M3
cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:*
IBM/System X3250 M3
cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:*
IBM/System X3250 M4
cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:*
IBM/System X3400 M2
cpe:2.3:h:ibm:system_x3400_m2:-:*:*:*:*:*:*:*
IBM/System X3400 M3
cpe:2.3:h:ibm:system_x3400_m3:-:*:*:*:*:*:*:*
IBM/System X3500 M2
cpe:2.3:h:ibm:system_x3500_m2:-:*:*:*:*:*:*:*
IBM/System X3500 M3
cpe:2.3:h:ibm:system_x3500_m3:-:*:*:*:*:*:*:*
IBM/System X3500 M4
cpe:2.3:h:ibm:system_x3500_m4:-:*:*:*:*:*:*:*
IBM/System X3530 M4
cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*
IBM/System X3550 M2
cpe:2.3:h:ibm:system_x3550_m2:-:*:*:*:*:*:*:*
IBM/System X3550 M3
cpe:2.3:h:ibm:system_x3550_m3:-:*:*:*:*:*:*:*
IBM/System X3550 M4
cpe:2.3:h:ibm:system_x3550_m4:-:*:*:*:*:*:*:*
IBM/System X3620 M3
cpe:2.3:h:ibm:system_x3620_m3:-:*:*:*:*:*:*:*
IBM/System X3630 M3
cpe:2.3:h:ibm:system_x3630_m3:-:*:*:*:*:*:*:*
IBM/System X3630 M4
cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*
IBM/System X3650 M2
cpe:2.3:h:ibm:system_x3650_m2:-:*:*:*:*:*:*:*
IBM/System X3650 M3
cpe:2.3:h:ibm:system_x3650_m3:-:*:*:*:*:*:*:*
IBM/System X3650 M4
cpe:2.3:h:ibm:system_x3650_m4:-:*:*:*:*:*:*:*
IBM/System X3690 X5
cpe:2.3:h:ibm:system_x3690_x5:-:*:*:*:*:*:*:*
IBM/System X3750 M4
cpe:2.3:h:ibm:system_x3750_m4:-:*:*:*:*:*:*:*
IBM/System X3850 X5
cpe:2.3:h:ibm:system_x3850_x5:-:*:*:*:*:*:*:*
IBM/System X3950 X5
cpe:2.3:h:ibm:system_x3950_x5:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/entry/portal/docdisplaynvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/86173nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000