CVE-2013-4038
First published: Fri Aug 09 2013(Updated: )
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM BladeCenter | =hs22 | |
| IBM BladeCenter | =hs22v | |
| IBM BladeCenter | =hs23 | |
| IBM BladeCenter | =hs23e | |
| IBM BladeCenter | =hx5 | |
| IBM Flex System X220 Compute Node | ||
| IBM Flex System X240 | ||
| IBM Flex System X440 | ||
| Lenovo System X Idataplex Dx360 M2 Firmware | ||
| IBM System X iDataPlex DX360 M3 Server | ||
| IBM iDataplex Dx360 M4 | ||
| IBM System X3100 M4 Firmware | ||
| IBM System X3200 M3 | ||
| IBM System X3250 M3 | ||
| IBM System X3250 M4 Firmware | ||
| IBM System X3400 M2 | ||
| Lenovo System X3400 M3 | ||
| Lenovo System X3500 M2 | ||
| Lenovo System X3500 M3 | ||
| Lenovo System X3500 M4 Firmware | ||
| Lenovo System X3530 M4 | ||
| Lenovo System X3560 M2 | ||
| Lenovo System X3550 M3 Firmware | ||
| Lenovo System X3550 M4 | ||
| IBM System X3620 M3 | ||
| Lenovo System X3630 M3 | ||
| IBM System X3630 M4 HD | ||
| IBM System X3650 M2 | ||
| Lenovo System X3650 M3 Firmware | ||
| IBM System x3650 M4 Firmware | ||
| Lenovo System X3690 X5 Firmware | ||
| Lenovo System X3750 M4 | ||
| Lenovo System X3850 X5 | ||
| Lenovo System X3950 X5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4038?
CVE-2013-4038 has a high severity rating due to its use of cleartext password storage, which exposes sensitive information.
How do I fix CVE-2013-4038?
To fix CVE-2013-4038, implement secure password storage and encryption mechanisms in the IPMI implementation.
Which IBM products are affected by CVE-2013-4038?
CVE-2013-4038 affects various IBM products including BladeCenter, Flex System, and System x servers.
What are the risks of CVE-2013-4038?
The risks of CVE-2013-4038 include unauthorized access to sensitive information and potential system control by attackers.
Can CVE-2013-4038 be exploited remotely?
Yes, CVE-2013-4038 can be exploited remotely by attackers with network access to the affected IBM systems.
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm bladecenter
- version/ibm bladecenter/hs22
- version/ibm bladecenter/hs22v
- version/ibm bladecenter/hs23
- version/ibm bladecenter/hs23e
- version/ibm bladecenter/hx5
- canonical/ibm flex system x220 compute node
- canonical/ibm flex system x240
- canonical/ibm flex system x440
- canonical/lenovo system x idataplex dx360 m2 firmware
- canonical/ibm system x idataplex dx360 m3 server
- canonical/ibm idataplex dx360 m4
- canonical/ibm system x3100 m4 firmware
- canonical/ibm system x3200 m3
- canonical/ibm system x3250 m3
- canonical/ibm system x3250 m4 firmware
- canonical/ibm system x3400 m2
- canonical/lenovo system x3400 m3
- canonical/lenovo system x3500 m2
- canonical/lenovo system x3500 m3
- canonical/lenovo system x3500 m4 firmware
- canonical/lenovo system x3530 m4
- canonical/lenovo system x3560 m2
- canonical/lenovo system x3550 m3 firmware
- canonical/lenovo system x3550 m4
- canonical/ibm system x3620 m3
- canonical/lenovo system x3630 m3
- canonical/ibm system x3630 m4 hd
- canonical/ibm system x3650 m2
- canonical/lenovo system x3650 m3 firmware
- canonical/ibm system x3650 m4 firmware
- canonical/lenovo system x3690 x5 firmware
- canonical/lenovo system x3750 m4
- canonical/lenovo system x3850 x5
- canonical/lenovo system x3950 x5