VYPR

Advanced Management Module

by IBM

CVEs (13)

  • CVE-2016-8232MedMar 1, 2017
    risk 0.40cvss 6.1epss 0.01

    Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted…

  • CVE-2010-2656Jul 8, 2010
    risk 0.03cvss epss 0.02

    The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core…

  • CVE-2010-2655Jul 8, 2010
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly…

  • CVE-2010-2654Jul 8, 2010
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2)…

  • CVE-2010-1460Apr 16, 2010
    risk 0.03cvss epss 0.03

    The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.

  • CVE-2009-1290Apr 13, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as…

  • CVE-2009-1288Apr 13, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH…

  • CVE-2020-8339Sep 15, 2020
    risk 0.00cvss epss 0.01

    A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is…

  • CVE-2014-0860Jul 7, 2014
    risk 0.00cvss epss 0.01

    The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows…

  • CVE-2013-6718Dec 1, 2013
    risk 0.00cvss epss 0.01

    The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.

  • CVE-2013-4007Aug 16, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3935Nov 12, 2009
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.

  • CVE-2009-1289Apr 13, 2009
    risk 0.00cvss epss 0.01

    private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.