CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-1290

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile32.93th
Published2009年4月13日
Last Modified2026年4月23日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

Affected Platforms (CPE)

📦
Ibm

Advanced Management Module

= 1.36h

References & Advisories

🔗 http://osvdb.org/53660
🔗 http://securitytracker.com/id?1022025
🔗 http://www.louhinetworks.fi/advisory/ibm_090409.txt
🔗 http://www.securityfocus.com/archive/1/502582/100/0/threaded
🔗 http://www.securityfocus.com/bid/34447
🔗 http://osvdb.org/53660
🔗 http://securitytracker.com/id?1022025
🔗 http://www.louhinetworks.fi/advisory/ibm_090409.txt

関連する脆弱性情報

CVE-2009-393510.0

Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx an...

CVE-2013-67186.4

The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to ...

CVE-2018-77976.1

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Moni...

CVE-2016-82326.1

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than...