Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-1289
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM BladeCenter高级管理模块 'private/login.ssi' 权限许可和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM BladeCenter是美国IBM公司的系列高性能刀片服务器。 BladeCenter所使用的高级管理模块(AMM)的Web管理接口没有正确地过滤用户所提交的输入和请求。AMM没有验证HTTP请求的来源,如果通过认证的管理员受骗查看了恶意的HTML内容的话,向AMM的Web管理接口提交恶意表单就可以完全获得管理员权限。由于管理界面允许No session timeout选项,如果没有从浏览器清除缓存的认证凭据的话,即使已经关闭了包含有管理界面的标签页,用户仍可能受这种攻击的影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2009-1289
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2009-1289
Please Login to view more intelligence information
New Vulnerabilities
Product: n/a
Vendor: n/a
V. Comments for CVE-2009-1289

No comments yet

Leave a comment