Security Bulletin: Vulnerability in IBM Advanced Management Module (CVE-2013-4007)
Abstract: A Cross-Site Scripting (XSS) vulnerability has been found in the adv_sw.php page of the IBM Advanced Management Module.
A remote attacker could exploit this vulnerability to execute a script in a victim's web browser within the security context of the hosting web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. This attack does require that the user clicking the vulnerable link be authenticated with a valid user ID and password.
AMM FW versions before BPET64G, BBET64G
The recommended solution is to apply the fix to all previous versions as soon as practical. Please see below for information on the fixes available.
Update AMM firmware version to BPET64G and BBET64G. Firmware can be downloaded from IBM Fix Central.
Workaround(s) & Mitigation(s): None
This vulnerability was reported to IBM by Jens Regel of Schneider & Wulf EVD-Beratung.
12 August 2013: Original copy published
Document id: MIGR-5093491