Unrated severityNVD Advisory· Published Jul 7, 2014· Updated May 6, 2026

CVE-2014-0860

Description

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

Affected products

IBM/Integrated Management Module Firmware
cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*
Range: <=1.36
IBM/Integrated Management Module
cpe:2.3:h:ibm:integrated_management_module:-:*:*:*:*:*:*:*
IBM/Advanced Management Module Firmware
cpe:2.3:o:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*
Range: <=3.65
IBM/Advanced Management Module
cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*
IBM/Integrated Management Module Ii Firmware
cpe:2.3:o:ibm:integrated_management_module_ii_firmware:*:*:*:*:*:*:*:*
Range: <=3.65
IBM/Integrated Management Module Ii
cpe:2.3:h:ibm:integrated_management_module_ii:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/entry/portal/docdisplaynvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/90880nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000