CVE-2013-4030

Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86068

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:ibm:integrated_management_module_2:1.00:::::::*
	cpe:2.3:h:ibm:integrated_management_module_2:2.00:::::::*

OR	cpe:2.3:h:ibm:flex_system_manager_node_8731:-:::::::*
	cpe:2.3:h:ibm:flex_system_manager_node_8734:-:::::::*
	cpe:2.3:h:ibm:system_x3690_x5:-:::::::*
	cpe:2.3:h:ibm:system_x3650_m2:-:::::::*
	cpe:2.3:h:ibm:bladecenter:hs23e:::::::*
	cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:::::::*
	cpe:2.3:h:ibm:system_x3250_m4:-:::::::*
	cpe:2.3:h:ibm:system_x3100_m4:-:::::::*
	cpe:2.3:h:ibm:flex_system_manager_node_7955:-:::::::*
	cpe:2.3:h:ibm:system_x3950_x5:-:::::::*
	cpe:2.3:h:ibm:system_x3850_x5:-:::::::*
	cpe:2.3:h:ibm:system_x3500_m3:-:::::::*
	cpe:2.3:h:ibm:flex_system_x440_compute_node:-:::::::*
	cpe:2.3:h:ibm:system_x3550_m3:-:::::::*
	cpe:2.3:h:ibm:system_x3550_m2:-:::::::*
	cpe:2.3:h:ibm:system_x3750_m4:-:::::::*
	cpe:2.3:h:ibm:system_x3630_m4_hd:-:::::::*
	cpe:2.3:h:ibm:bladecenter:hs23:::::::*
	cpe:2.3:h:ibm:system_x3650_m3:-:::::::*
	cpe:2.3:h:ibm:system_x3630_m3:-:::::::*
	cpe:2.3:h:ibm:system_x3500_m2:-:::::::*
	cpe:2.3:h:ibm:flex_system_x220_compute_node:-:::::::*
	cpe:2.3:h:ibm:system_x3300_m4:-:::::::*
	cpe:2.3:h:ibm:system_x3500_m4:-:::::::*
	cpe:2.3:h:ibm:system_x3650_m4_hd:-:::::::*
	cpe:2.3:h:ibm:system_x3630_m4:-:::::::*
	cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:::::::*
	cpe:2.3:h:ibm:flex_system_x240_compute_node:-:::::::*
	cpe:2.3:h:ibm:system_x3650_m4:-:::::::*
	cpe:2.3:h:ibm:system_x3550_m4:-:::::::*
	cpe:2.3:h:ibm:system_x3530_m4:-:::::::*

Information

Published : 2014-01-20 17:55

Updated : 2017-08-28 18:33

NVD link : CVE-2013-4030

Mitre link : CVE-2013-4030

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

ibm

system_x3100_m4
system_x3630_m4_hd
system_x_idataplex_dx360_m4_server
flex_system_manager_node_8734
flex_system_manager_node_8731
system_x3950_x5
system_x3250_m4
system_x_idataplex_direct_water_cooled_dx360_m4_server
flex_system_manager_node_7955
flex_system_x440_compute_node
system_x3630_m3
system_x3550_m4
flex_system_x240_compute_node
system_x3500_m4
system_x3550_m3
system_x3550_m2
bladecenter
system_x3650_m4
system_x3300_m4
system_x3500_m2
system_x3650_m2
system_x3650_m3
system_x3650_m4_hd
integrated_management_module_2
system_x3850_x5
system_x3530_m4
system_x3630_m4
system_x3750_m4
system_x3500_m3
flex_system_x220_compute_node
system_x3690_x5

4.3 /10