CVE-2013-4038

Severity

40%

Complexity

80%

Confidentiality

48%

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Overview

Type

IBM

First reported 11 years ago

2013-08-09 23:55:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

IBM BladeCenter HS22

hs22

IBM BladeCenter HS22V

hs22v

IBM BladeCenter HS23

hs23

IBM BladeCenter HS23E

hs23e

IBM BladeCenter HX5

hx5

IBM Flex System X220 Compute Node

IBM Flex System X240 Compute Node

IBM Flex System X440 Compute Node

IBM System X3100 M4

IBM System X3200 M3

IBM System X3250 M3

IBM System X3250 M4

IBM System X3400 M2

IBM System X3400 M3

IBM System X3500 M2

IBM System X3500 M3

IBM System X3500 M4

IBM System X3530 M4

IBM System X3550 M2

IBM System X3550 M3

IBM System X3550 M4

IBM System X3620 M3

IBM System X36300 M3

IBM System X3630 M4

IBM System X3650 M2

IBM System X36500 M3

IBM System X3650 M4

IBM System X3690 x5

IBM System X3750 M4

IBM System X3850 X5

IBM System X3950 X5

IBM System X iDataplex DX360 M2 Server

IBM System X iDataplex DX360 M3 Server

IBM System X iDataplex DX360 M4 Server

References

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463

Vendor Advisory

imm-cve20134038-ipmi-cleartext(86174)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.