Vulnerability Description
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading a file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Bladecenter | hs22 |
| Ibm | Flex System X220 Compute Node | - |
| Ibm | Flex System X240 Compute Node | - |
| Ibm | Flex System X440 Compute Node | - |
| Ibm | System X Idataplex Dx360 M2 Server | - |
| Ibm | System X Idataplex Dx360 M3 Server | - |
| Ibm | System X Idataplex Dx360 M4 Server | - |
| Ibm | System X3100 M4 | - |
| Ibm | System X3200 M3 | - |
| Ibm | System X3250 M3 | - |
| Ibm | System X3250 M4 | - |
| Ibm | System X3400 M2 | - |
| Ibm | System X3400 M3 | - |
| Ibm | System X3500 M2 | - |
| Ibm | System X3500 M3 | - |
| Ibm | System X3500 M4 | - |
| Ibm | System X3530 M4 | - |
| Ibm | System X3550 M2 | - |
| Ibm | System X3550 M3 | - |
| Ibm | System X3550 M4 | - |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86174
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86174
FAQ
What is CVE-2013-4038?
CVE-2013-4038 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext f...
How severe is CVE-2013-4038?
CVE-2013-4038 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4038?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Bladecenter, Ibm Flex System X220 Compute Node, Ibm Flex System X240 Compute Node, Ibm Flex System X440 Compute Node, Ibm System X Idataplex Dx360 M2 Server.