IBM Flex System CMM and IMM2 Modules Credentials Disclosure

by Carol~ Moderator - 12/7/12 6:22 AM

In Reply to: VULNERABILITIES / FIXES - December 07, 2012 by Carol~ Moderator

IBM Flex System CMM and IMM2 Modules Credentials Disclosure Security Issue

Release Date: 2012-12-07

Criticality level: Not critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Vendor Patch

Software: IBM Flex System Chassis Management Module (CMM) 1.x
IBM Flex System Integrated Management Module 2 (IMM2) 1.x

Description:
A security issue has been reported in IBM Flex System CMM and IMM2 Modules, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused by certain service and maintenance activity exposing SNMP and LDAP credentials. No further information is currently available.

The security issue is reported in the following products:
* IBM Flex System CMM version 1.00.0
* IBM Flex System CMM version 1.20.2
* IBM Flex System IMM2 version 1.34
* IBM Flex System IMM2 version 1.45
* IBM Flex System IMM2 version 1.60

Solution:
Apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM PSIRT:
https://www.ibm.com/connections/blogs/PSIRT/entry/flex_system_chassis_management_module_cmm_and_integrated_management_module_2_imm2_potential_security_vulnerability_with_authentication_data_cve_2012_4838_ibm_flex_system8

http://secunia.com/advisories/51508/