← Back

CVE-2009-1290

nvd nist
Published: Apr 13, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.

Affected (1)

Ibm
1 product
Advanced Management Module
Configuration A
1 vulnerable · 29 platform
Vulnerable SoftwareAffected Versions
Advanced Management Module
Version 1.36h
Running on/withPlatform Versions
Ibm
Bladecenter
Version e
Ibm
Bladecenter
Version e
Ibm
Bladecenter
Version e
Ibm
Bladecenter
Version h
Ibm
Bladecenter
Version h
Ibm
Bladecenter
Version hc10
Ibm
Bladecenter
Version hs12
Ibm
Bladecenter
Version hs12
Ibm
Bladecenter
Version hs12
Ibm
Bladecenter
Version hs20
Ibm
Bladecenter
Version hs21
Ibm
Bladecenter
Version hs21
Ibm
Bladecenter
Version hs21_xm
Ibm
Bladecenter
Version hs21_xm
Ibm
Bladecenter
Version ht
Ibm
Bladecenter
Version ht
Ibm
Bladecenter
Version js12
Ibm
Bladecenter
Version js21
Ibm
Bladecenter
Version js21
Ibm
Bladecenter
Version js22
Ibm
Bladecenter
Version ls20
Ibm
Bladecenter
Version ls21
Ibm
Bladecenter
Version ls41
Ibm
Bladecenter
Version qs21
Ibm
Bladecenter
Version qs22
Ibm
Bladecenter
Version s
Ibm
Bladecenter
Version s
Ibm
Bladecenter
Version t
Ibm
Bladecenter
Version t

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.