CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0860

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile18.53th
PublishedJul 7, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

Affected Platforms (CPE)

πŸ’»
Ibm

Integrated Management Module Firmware

<= 1.36
πŸ”Œ
Ibm

Integrated Management Module

All versions
πŸ’»
Ibm

Advanced Management Module Firmware

<= 3.65
πŸ”Œ
Ibm

Advanced Management Module

All versions
πŸ’»
Ibm

Integrated Management Module Ii Firmware

<= 3.65
πŸ”Œ
Ibm

Integrated Management Module Ii

All versions

References & Advisories

πŸ”— http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/90880
πŸ”— http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/90880

Related Vulnerabilities

CVE-2014-08817.4

The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote at...

CVE-2019-61576.5

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) in...

CVE-2014-052810.0

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attac...

CVE-2014-052510.0

The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unm...