Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
2009-04-13T16:30:00.483
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | advanced_management_module | 1.36h | Yes |
| Hardware | ibm | bladecenter | e | No |
| Hardware | ibm | bladecenter | e | No |
| Hardware | ibm | bladecenter | e | No |
| Hardware | ibm | bladecenter | h | No |
| Hardware | ibm | bladecenter | h | No |
| Hardware | ibm | bladecenter | hc10 | No |
| Hardware | ibm | bladecenter | hs12 | No |
| Hardware | ibm | bladecenter | hs12 | No |
| Hardware | ibm | bladecenter | hs12 | No |
| Hardware | ibm | bladecenter | hs20 | No |
| Hardware | ibm | bladecenter | hs21 | No |
| Hardware | ibm | bladecenter | hs21 | No |
| Hardware | ibm | bladecenter | hs21_xm | No |
| Hardware | ibm | bladecenter | hs21_xm | No |
| Hardware | ibm | bladecenter | ht | No |
| Hardware | ibm | bladecenter | ht | No |
| Hardware | ibm | bladecenter | js12 | No |
| Hardware | ibm | bladecenter | js21 | No |
| Hardware | ibm | bladecenter | js21 | No |
| Hardware | ibm | bladecenter | js22 | No |
| Hardware | ibm | bladecenter | ls20 | No |
| Hardware | ibm | bladecenter | ls21 | No |
| Hardware | ibm | bladecenter | ls41 | No |
| Hardware | ibm | bladecenter | qs21 | No |
| Hardware | ibm | bladecenter | qs22 | No |
| Hardware | ibm | bladecenter | s | No |
| Hardware | ibm | bladecenter | s | No |
| Hardware | ibm | bladecenter | t | No |
| Hardware | ibm | bladecenter | t | No |