CVE-2009-1289 : private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter

private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.

Published 2009-04-13 16:30:00

Updated 2018-10-10 19:35:48

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2009-1289

IBM » Advanced Management Module » Version: 1.36h
cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: E 1881 Edition
cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: S 8886 Edition
cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: T 8730 Edition
cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs12 8014 Edition
cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs12 1916 Edition
cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Ls20 8850 Edition
cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Ls21 7971 Edition
cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Ls41 7972 Edition
cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: HT 8750 Edition
cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: H 8852 Edition
cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Js21 7988 Edition
cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Js21 8844 Edition
cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs21 8853 Edition
cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs21 1885 Edition
cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: H 7989 Edition
cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: S 1948 Edition
cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Js22 7998 Edition
cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hc10 7996 Edition
cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs21 Xm 7995 Edition
cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs21 Xm 1915 Edition
cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: E 7967 Edition
cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: E 8677 Edition
cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: HT 8740 Edition
cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: T 8720 Edition
cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Js12 7998 Edition
cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs12 8028 Edition
cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Hs20 1883 Edition
cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Qs21 0792 Edition
cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*
Matching versions
IBM » Bladecenter » Version: Qs22 0793 Edition
cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1289

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1289

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-1289

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1289

Jump to

Vulnerability Details : CVE-2009-1289

Products affected by CVE-2009-1289

Exploit prediction scoring system (EPSS) score for CVE-2009-1289

CVSS scores for CVE-2009-1289

CWE ids for CVE-2009-1289

References for CVE-2009-1289