private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
2009-04-13T16:30:00.453
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | advanced_management_module | 1.36h | Yes |
| Hardware | ibm | bladecenter | e | Yes |
| Hardware | ibm | bladecenter | e | Yes |
| Hardware | ibm | bladecenter | e | Yes |
| Hardware | ibm | bladecenter | h | Yes |
| Hardware | ibm | bladecenter | h | Yes |
| Hardware | ibm | bladecenter | hc10 | Yes |
| Hardware | ibm | bladecenter | hs12 | Yes |
| Hardware | ibm | bladecenter | hs12 | Yes |
| Hardware | ibm | bladecenter | hs12 | Yes |
| Hardware | ibm | bladecenter | hs20 | Yes |
| Hardware | ibm | bladecenter | hs21 | Yes |
| Hardware | ibm | bladecenter | hs21 | Yes |
| Hardware | ibm | bladecenter | hs21_xm | Yes |
| Hardware | ibm | bladecenter | hs21_xm | Yes |
| Hardware | ibm | bladecenter | ht | Yes |
| Hardware | ibm | bladecenter | ht | Yes |
| Hardware | ibm | bladecenter | js12 | Yes |
| Hardware | ibm | bladecenter | js21 | Yes |
| Hardware | ibm | bladecenter | js21 | Yes |
| Hardware | ibm | bladecenter | js22 | Yes |
| Hardware | ibm | bladecenter | ls20 | Yes |
| Hardware | ibm | bladecenter | ls21 | Yes |
| Hardware | ibm | bladecenter | ls41 | Yes |
| Hardware | ibm | bladecenter | qs21 | Yes |
| Hardware | ibm | bladecenter | qs22 | Yes |
| Hardware | ibm | bladecenter | s | Yes |
| Hardware | ibm | bladecenter | s | Yes |
| Hardware | ibm | bladecenter | t | Yes |
| Hardware | ibm | bladecenter | t | Yes |