Security Bulletin: Vulnerability in IBM Advanced Management Module (CVE-2013-4007)


A cross-site scripting (XSS) vulnerability exists in the adv_sw.php page of the IBM Advanced Management Module (AMM).

Vulnerability Details:
CVE ID: CVE-2013-4007


A remote attacker could exploit this vulnerability to execute a script in a victim's web browser within the security context of the hosting web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. This attack does require that the user clicking the vulnerable link be authenticated with a valid user ID and password.

CVSS Base Score: 3.5
CVSS Temporal Score: See for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products:

AMM FW versions before BPET64G, BBET64G


The recommended solution is to apply the fix to all previous versions as soon as practical. Please see below for information on the fixes available.


Update AMM firmware version to BPET64G and BBET64G. Firmware can be downloaded from IBM Fix Central.

Workaround(s) & Mitigation(s):



Complete CVSS Guide
On-line Calculator V2

Related Information:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
IBM Fix Central


This vulnerability was reported to IBM by Jens Regel of Schneider & Wulf EVD-Beratung.

Change History:

12 August 2013: Original copy published

Document id:  MIGR-5093491
Last modified:  2013-08-12
Copyright © 2015 IBM Corporation