IBM Flex System CMM and IMM2 Modules Credentials Disclosure
IBM Flex System CMM and IMM2 Modules Credentials Disclosure Security Issue
Release Date : 2012-12-07
Criticality level : Not critical
Impact : Exposure of sensitive information
Where : Local system
Solution Status : Vendor Patch
Software: IBM Flex System Chassis Management Module (CMM) 1.x
IBM Flex System Integrated Management Module 2 (IMM2) 1.x
A security issue has been reported in IBM Flex System CMM and IMM2 Modules, which can be exploited by malicious, local users to disclose sensitive information.
The security issue is caused due to certain service and maintenance activity exposing SNMP and LDAP credentials. No further information is currently available.
The security issue is reported in the following products:
* IBM Flex System CMM version 1.00.0
* IBM Flex System CMM version 1.20.2
* IBM Flex System IMM2 version 1.34
* IBM Flex System IMM2 version 1.45
* IBM Flex System IMM2 version 1.60
Provided and/or discovered by:
Reported by the vendor.