Sign-up

ID

VAR-201709-0198


CVE

CVE-2014-9565


TITLE

IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Cross-site request forgery vulnerability in switch firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-008370

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switches are products of IBM Corporation of the United States. The former is an Ethernet adapter product; the latter is a switch product. Allows an attacker to exploit the vulnerability to gain unauthorized access to gain access to affected applications. Other attacks are also possible. The vulnerability is caused by the program not correctly validating the input submitted by the user

Trust: 2.52

sources: NVD: CVE-2014-9565 // JVNDB: JVNDB-2014-008370 // CNVD: CNVD-2015-03676 // BID: 74930 // VULHUB: VHN-77510

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03676

AFFECTED PRODUCTS

vendor:ibmmodel:ib6131scope:lteversion:3.4.0.0.0.0

Trust: 1.0

vendor:ibmmodel:en6131scope:lteversion:3.4.0.0.0.0

Trust: 1.0

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:lteversion:3.4.0000

Trust: 0.8

vendor:ibmmodel:flex system ib6131 40gb infiniband switchscope:lteversion:3.4.0000

Trust: 0.8

vendor:ibmmodel:flex system ib6131 40gb infinibandscope:lteversion:<=3.4.0000

Trust: 0.6

vendor:ibmmodel:flex system en6131 40gb ethernetscope:lteversion:<=3.4.0000

Trust: 0.6

vendor:ibmmodel:ib6131scope:eqversion:3.4.0.0.0.0

Trust: 0.6

vendor:ibmmodel:en6131scope:eqversion:3.4.0.0.0.0

Trust: 0.6

vendor:ibmmodel:flex system ib6131 40gb infiniband switchscope:eqversion:3.4

Trust: 0.3

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:eqversion:3.4

Trust: 0.3

vendor:ibmmodel:flex system ib6131 40gb infiniband switchscope:neversion:3.4.1110

Trust: 0.3

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:neversion:3.4.1110

Trust: 0.3

sources: CNVD: CNVD-2015-03676 // BID: 74930 // JVNDB: JVNDB-2014-008370 // CNNVD: CNNVD-201506-076 // NVD: CVE-2014-9565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9565
value: HIGH

Trust: 1.0

NVD: CVE-2014-9565
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-03676
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-076
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77510
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9565
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03676
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77510
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9565
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-03676 // VULHUB: VHN-77510 // JVNDB: JVNDB-2014-008370 // CNNVD: CNNVD-201506-076 // NVD: CVE-2014-9565

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-77510 // JVNDB: JVNDB-2014-008370 // NVD: CVE-2014-9565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-076

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201506-076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008370

PATCH
title:MIGR-5098173url:https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173
Trust: 0.8
title:Patches for multiple IBM product cross-site request forgery vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/59406
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03676 // 
            
            
            
            JVNDB: JVNDB-2014-008370

EXTERNAL IDS
db:NVDid:CVE-2014-9565
Trust: 3.4
db:BIDid:74930
Trust: 2.6
db:JVNDBid:JVNDB-2014-008370
Trust: 0.8
db:CNNVDid:CNNVD-201506-076
Trust: 0.7
db:CNVDid:CNVD-2015-03676
Trust: 0.6
db:VULHUBid:VHN-77510
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-03676 // 
            
            
            
            VULHUB: VHN-77510 // 
            
            
            
            BID: 74930 // 
            
            
            
            JVNDB: JVNDB-2014-008370 // 
            
            
            
            CNNVD: CNNVD-201506-076 // 
            
            
            
            NVD: CVE-2014-9565

REFERENCES
url:http://www.securityfocus.com/bid/74930
Trust: 2.3
url:https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5098173
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9565
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9565
Trust: 0.8
url:http://www.ibm.com
Trust: 0.3
url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098173
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-03676 // 
            
            
            
            VULHUB: VHN-77510 // 
            
            
            
            BID: 74930 // 
            
            
            
            JVNDB: JVNDB-2014-008370 // 
            
            
            
            CNNVD: CNNVD-201506-076 // 
            
            
            
            NVD: CVE-2014-9565

CREDITS
IBM
Trust: 0.9
sources:
            
            
            BID: 74930 // 
            
            
            
            CNNVD: CNNVD-201506-076

SOURCES
db:CNVDid:CNVD-2015-03676
db:VULHUBid:VHN-77510
db:BIDid:74930
db:JVNDBid:JVNDB-2014-008370
db:CNNVDid:CNNVD-201506-076
db:NVDid:CVE-2014-9565

LAST UPDATE DATE
2025-04-20T23:22:12.375000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03676date:2015-06-10T00:00:00
db:VULHUBid:VHN-77510date:2017-09-12T00:00:00
db:BIDid:74930date:2015-05-29T00:00:00
db:JVNDBid:JVNDB-2014-008370date:2017-09-29T00:00:00
db:CNNVDid:CNNVD-201506-076date:2017-09-08T00:00:00
db:NVDid:CVE-2014-9565date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-03676date:2015-06-10T00:00:00
db:VULHUBid:VHN-77510date:2017-09-07T00:00:00
db:BIDid:74930date:2015-05-29T00:00:00
db:JVNDBid:JVNDB-2014-008370date:2017-09-29T00:00:00
db:CNNVDid:CNNVD-201506-076date:2015-05-29T00:00:00
db:NVDid:CVE-2014-9565date:2017-09-07T20:29:00.190