CVE-2009-1290 : Multiple cross-site request forgery (CSRF) vulnerabilities in the web administra

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

Published 2009-04-13 16:30:00

Updated 2018-10-10 19:35:48

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2009-1290

IBM » Advanced Management Module » Version: 1.36h
cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Bladecenter » Version: E 1881 Edition
When used together with: IBM » Bladecenter » Version: E 7967 Edition
When used together with: IBM » Bladecenter » Version: E 8677 Edition
When used together with: IBM » Bladecenter » Version: H 7989 Edition
When used together with: IBM » Bladecenter » Version: H 8852 Edition
When used together with: IBM » Bladecenter » Version: Hc10 7996 Edition
When used together with: IBM » Bladecenter » Version: Hs12 1916 Edition
When used together with: IBM » Bladecenter » Version: Hs12 8014 Edition
When used together with: IBM » Bladecenter » Version: Hs12 8028 Edition
When used together with: IBM » Bladecenter » Version: Hs20 1883 Edition
When used together with: IBM » Bladecenter » Version: Hs21 1885 Edition
When used together with: IBM » Bladecenter » Version: Hs21 8853 Edition
When used together with: IBM » Bladecenter » Version: Hs21 Xm 1915 Edition
When used together with: IBM » Bladecenter » Version: Hs21 Xm 7995 Edition
When used together with: IBM » Bladecenter » Version: HT 8740 Edition
When used together with: IBM » Bladecenter » Version: HT 8750 Edition
When used together with: IBM » Bladecenter » Version: Js12 7998 Edition
When used together with: IBM » Bladecenter » Version: Js21 7988 Edition
When used together with: IBM » Bladecenter » Version: Js21 8844 Edition
When used together with: IBM » Bladecenter » Version: Js22 7998 Edition
When used together with: IBM » Bladecenter » Version: Ls20 8850 Edition
When used together with: IBM » Bladecenter » Version: Ls21 7971 Edition
When used together with: IBM » Bladecenter » Version: Ls41 7972 Edition
When used together with: IBM » Bladecenter » Version: Qs21 0792 Edition
When used together with: IBM » Bladecenter » Version: Qs22 0793 Edition
When used together with: IBM » Bladecenter » Version: S 1948 Edition
When used together with: IBM » Bladecenter » Version: S 8886 Edition
When used together with: IBM » Bladecenter » Version: T 8720 Edition
When used together with: IBM » Bladecenter » Version: T 8730 Edition

Exploit prediction scoring system (EPSS) score for CVE-2009-1290

EPSS FAQ

0.46%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1290

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-1290

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1290

Jump to

Vulnerability Details : CVE-2009-1290

Products affected by CVE-2009-1290

Exploit prediction scoring system (EPSS) score for CVE-2009-1290

CVSS scores for CVE-2009-1290

CWE ids for CVE-2009-1290

References for CVE-2009-1290