Back to CVE Browser

CVE-2009-1290

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0260%

EPSS Percentile32.93th

PublishedApr 13, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

Affected Platforms (CPE)

📦

Ibm

Advanced Management Module

= 1.36h

References & Advisories

🔗 http://osvdb.org/53660

🔗 http://securitytracker.com/id?1022025

🔗 http://www.louhinetworks.fi/advisory/ibm_090409.txt

🔗 http://www.securityfocus.com/archive/1/502582/100/0/threaded

🔗 http://www.securityfocus.com/bid/34447

🔗 http://osvdb.org/53660

🔗 http://securitytracker.com/id?1022025

🔗 http://www.louhinetworks.fi/advisory/ibm_090409.txt

Related Vulnerabilities

CVE-2009-393510.0

Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx an...

CVE-2013-67186.4

The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to ...

CVE-2018-77976.1

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Moni...

CVE-2016-82326.1

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than...