APP: IBM BladeCenter Advanced Management Module Cross-Site Request Forgery
This signature detects attempts to exploit a known vulnerability against IBM BladeCenter Advanced Management Module. A successful attack can lead to cross-site request forgery attacks and unauthorized session hijack.
Extended Description
IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: - An HTML-injection vulnerability - A cross-site scripting vulnerability - An information-disclosure vulnerability - Multiple cross-site request-forgery vulnerabilities An attacker can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and perform actions as an authenticated user of the application. Other attacks are also possible. Versions prior to BladeCenter Advanced Management Module 1.42U are vulnerable.
Affected Products
Ibm bladecenter_advanced_management_module
Short Name
APP:IBM:BLADECENTER-AMM-CSRF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Advanced BladeCenter CVE-2009-1289 CVE-2009-1290 Cross-Site Forgery IBM Management Module Request bid:34447
Release Date
12/12/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Ibm
CVSS Score
6.8
4.0