CVE-2013-4031

critical

Published 2013-08-09 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463

References

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463
https://exchange.xforce.ibmcloud.com/vulnerabilities/86172
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463
https://exchange.xforce.ibmcloud.com/vulnerabilities/86172

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.