Short Name |
APP:IBM:BLADECENTER-INFO |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
IBM BladeCenter Management Module Information Disclosure |
Release Date |
2013/06/18 |
Update Number |
2273 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in IBM BladeCenter Management Module. A successful attack can lead to unauthorized information disclosure.
IBM BladeCenter Management Module is prone to multiple cross-site scripting vulnerabilities, a directory-traversal vulnerability and an information-disclosure vulnerability. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, view arbitrary local files and directories within the context of the webserver, and to disclose sensitive information. This may let the attacker steal cookie-based authentication credentials and other information; harvested information may aid in launching further attacks. IBM BladeCenter Management Module BPET48L is affected; other versions may also be vulnerable.