CVE-2009-1290

Summary

CVE	CVE-2009-1290
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-04-13 16:30:00 UTC
Updated	2018-10-10 19:35:00 UTC
Description	Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

Risk And Classification

Problem Types: CWE-352

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ibm	Advanced Management Module	1.36h	All	All	All
Application	Ibm	Advanced Management Module	1.36h	All	All	All
Hardware	Ibm	Bladecenter	e	All	1881	All
Hardware	Ibm	Bladecenter	e	All	7967	All
Hardware	Ibm	Bladecenter	e	All	8677	All
Hardware	Ibm	Bladecenter	h	All	7989	All
Hardware	Ibm	Bladecenter	h	All	8852	All
Hardware	Ibm	Bladecenter	hc10	All	7996	All
Hardware	Ibm	Bladecenter	hs12	All	1916	All
Hardware	Ibm	Bladecenter	hs12	All	8014	All
Hardware	Ibm	Bladecenter	hs12	All	8028	All
Hardware	Ibm	Bladecenter	hs20	All	1883	All
Hardware	Ibm	Bladecenter	hs21	All	1885	All
Hardware	Ibm	Bladecenter	hs21	All	8853	All
Hardware	Ibm	Bladecenter	hs21_xm	All	1915	All
Hardware	Ibm	Bladecenter	hs21_xm	All	7995	All
Hardware	Ibm	Bladecenter	ht	All	8740	All
Hardware	Ibm	Bladecenter	ht	All	8750	All
Hardware	Ibm	Bladecenter	js12	All	7998	All
Hardware	Ibm	Bladecenter	js21	All	7988	All
Hardware	Ibm	Bladecenter	js21	All	8844	All
Hardware	Ibm	Bladecenter	js22	All	7998	All
Hardware	Ibm	Bladecenter	ls20	All	8850	All
Hardware	Ibm	Bladecenter	ls21	All	7971	All
Hardware	Ibm	Bladecenter	ls41	All	7972	All
Hardware	Ibm	Bladecenter	qs21	All	0792	All
Hardware	Ibm	Bladecenter	qs22	All	0793	All
Hardware	Ibm	Bladecenter	s	All	1948	All
Hardware	Ibm	Bladecenter	s	All	8886	All
Hardware	Ibm	Bladecenter	t	All	8720	All
Hardware	Ibm	Bladecenter	t	All	8730	All
Hardware	Ibm	Bladecenter	e	All	1881	All
Hardware	Ibm	Bladecenter	e	All	7967	All
Hardware	Ibm	Bladecenter	e	All	8677	All
Hardware	Ibm	Bladecenter	h	All	7989	All
Hardware	Ibm	Bladecenter	h	All	8852	All
Hardware	Ibm	Bladecenter	hc10	All	7996	All
Hardware	Ibm	Bladecenter	hs12	All	1916	All
Hardware	Ibm	Bladecenter	hs12	All	8014	All
Hardware	Ibm	Bladecenter	hs12	All	8028	All
Hardware	Ibm	Bladecenter	hs20	All	1883	All
Hardware	Ibm	Bladecenter	hs21	All	1885	All
Hardware	Ibm	Bladecenter	hs21	All	8853	All
Hardware	Ibm	Bladecenter	hs21_xm	All	1915	All
Hardware	Ibm	Bladecenter	hs21_xm	All	7995	All
Hardware	Ibm	Bladecenter	ht	All	8740	All
Hardware	Ibm	Bladecenter	ht	All	8750	All
Hardware	Ibm	Bladecenter	js12	All	7998	All
Hardware	Ibm	Bladecenter	js21	All	7988	All
Hardware	Ibm	Bladecenter	js21	All	8844	All
Hardware	Ibm	Bladecenter	js22	All	7998	All
Hardware	Ibm	Bladecenter	ls20	All	8850	All
Hardware	Ibm	Bladecenter	ls21	All	7971	All
Hardware	Ibm	Bladecenter	ls41	All	7972	All
Hardware	Ibm	Bladecenter	qs21	All	0792	All
Hardware	Ibm	Bladecenter	qs22	All	0793	All
Hardware	Ibm	Bladecenter	s	All	1948	All
Hardware	Ibm	Bladecenter	s	All	8886	All
Hardware	Ibm	Bladecenter	t	All	8720	All
Hardware	Ibm	Bladecenter	t	All	8730	All

References

Reference	Source	Link	Tags
SecurityFocus	BUGTRAQ	www.securityfocus.com
Page not found - Louhi	MISC	www.louhinetworks.fi
IBM BladeCenter Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks - SecurityTracker	SECTRACK	securitytracker.com
IBM BladeCenter Advanced Management Module Multiple Remote Vulnerabilities	BID	www.securityfocus.com	Exploit
53660	OSVDB	osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.