ByteOS Network

NVD Vulnerability Details :

CVE-2014-0860

Modified

Source-psirt@us.ibm.com

Published At-07 Jul, 2014 | 11:01

Updated At-06 May, 2026 | 22:30

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-310	Primary	nvd@nist.gov

CWE ID: CWE-310

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840	psirt@us.ibm.com	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90880	psirt@us.ibm.com	N/A
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90880	af854a3a-2127-422b-91ae-364da2661108	N/A