Cross-Site Request Forgery Vulnerabilities in IBM BladeCenter's Advanced Management Module
CVE-2009-1290

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 13 April 2009

Summary

The Advanced Management Module (AMM) on IBM's BladeCenter products, including the BladeCenter H with BPET36H 54, contains multiple cross-site request forgery (CSRF) vulnerabilities that remote attackers can exploit. A forged request is executed on behalf of an authenticated administrator, so unauthorized actions can be taken with that administrator's privileges, potentially resulting in significant management disruptions. The example given is a power-off request sent to the private/blade_power_action script, in effect hijacking the administrator's authenticated session.
