CVE-2013-4031
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
09/08/2013
Last modified:
11/04/2025
Description
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:flex_system_x220_compute_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:flex_system_x240_compute_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:flex_system_x440_compute_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x_idataplex_dx360_m3_server:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x3100_m4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x3200_m3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x3250_m3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:ibm:system_x3250_m4:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page