Vulnerability CVE-2013-4030


Published: 2014-01-20   Modified: 2014-01-21

Description:
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
IBM -> System x3550 m2 
IBM -> Integrated management module 2 
IBM -> Bladecenter 
IBM -> System x3550 m3 
IBM -> Flex system manager node 7955 
IBM -> System x3550 m4 
IBM -> Flex system manager node 8731 
IBM -> System x3630 m3 
IBM -> Flex system manager node 8734 
IBM -> System x3630 m4 
IBM -> Flex system x220 compute node 
IBM -> System x3630 m4 hd 
IBM -> Flex system x240 compute node 
IBM -> System x3650 m2 
IBM -> Flex system x440 compute node 
IBM -> System x3650 m3 
IBM -> Ntegrated management module 2 
IBM -> System x3650 m4 
IBM -> System x3100 m4 
IBM -> System x3650 m4 hd 
IBM -> System x3250 m4 
IBM -> System x3690 x5 
IBM -> System x3300 m4 
IBM -> System x3750 m4 
IBM -> System x3500 m2 
IBM -> System x3850 x5 
IBM -> System x3500 m3 
IBM -> System x3950 x5 
IBM -> System x3500 m4 
IBM -> System x idataplex direct water cooled dx360 m4 server 
IBM -> System x3530 m4 
IBM -> System x idataplex dx360 m4 server 

 References:
http://xforce.iss.net/xforce/xfdb/86068
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301

Copyright 2024, cxsecurity.com

 

Back to Top