Vulnerability Description
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | BladeCenter | hs22 |
| IBM | Flex System x220 Compute Node | - |
| IBM | Flex System x240 Compute Node | - |
| IBM | Flex System x440 Compute Node | - |
| IBM | System x iDataPlex dx360 M2 Server | - |
| IBM | System x iDataPlex dx360 M3 Server | - |
| IBM | System x iDataPlex dx360 M4 Server | - |
| IBM | System x3100 M4 | - |
| IBM | System x3200 M3 | - |
| IBM | System x3250 M3 | - |
| IBM | System x3250 M4 | - |
| IBM | System x3400 M2 | - |
| IBM | System x3400 M3 | - |
| IBM | System x3500 M2 | - |
| IBM | System x3500 M3 | - |
| IBM | System x3500 M4 | - |
| IBM | System x3530 M4 | - |
| IBM | System x3550 M2 | - |
| IBM | System x3550 M3 | - |
| IBM | System x3550 M4 | - |
References
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86173
FAQ
What is CVE-2013-4037?
CVE-2013-4037 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Fl...
How severe is CVE-2013-4037?
CVE-2013-4037 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4037?
Check the references section above for vendor advisories and patch information. Affected products include: IBM BladeCenter, IBM Flex System x220 Compute Node, IBM Flex System x240 Compute Node, IBM Flex System x440 Compute Node, IBM System x iDataPlex dx360 M2 Server.