VAR-201009-0013

Vulnerability from variot - Updated: 2025-04-11 23:03

Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. The Local Management Interface is a set of enhancements to the basic Frame Relay specification. (That sentence describes the Frame Relay feature that shares the LMI acronym; in this advisory, LMI appears to refer to the appliance's own administrative interface, which is where the CSRF issues reside.) If exploited, the identified vulnerabilities could compromise the security of the appliance, for example through unauthorized alteration of the appliance's settings or denial-of-service (DoS) attacks.

Affected Versions

IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)
IBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)

Mitigation

Vendor recommends upgrading to PNMSS firmware 2.5.0.2 or later. Alternatively, please contact IBM for technical support.

Disclosure Timeline

2009, November 07: Vulnerabilities discovered and documented
2009, November 08: Notification sent to IBM
2009, November 09: IBM acknowledges receiving the report
2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues
2010, September 12: MVSA-10-006 advisory published.

Credits

Dr. Marian Ventuneac http://ventuneac.net


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201009-0013",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proventia network mail security system virtual appliance",
        "scope": null,
        "trust": 1.4,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "proventia network mail security system virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "1.6"
      },
      {
        "model": "proventia network mail security system virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "proventia network mail security system virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "*"
      },
      {
        "model": "proventia network mail security system virtual appliance",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.5.0.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:proventia_network_mail_security_system_virtual_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:proventia_network_mail_security_system_virtual_appliance_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. Marian Ventuneac",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "93798"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2010-0153",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-0153",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-42758",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0153",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0153",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201009-113",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42758",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. The Local Management Interface is a set of enhancements to the basic Frame Relay specification. When exploited by an attacker, the identified vulnerabilities could lead to compromising the security of the appliance, including unauthorized alteration of appliance\u0027s settings, DoS attacks, etc. \n\n\nAffected Versions\n\nIBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)\nIBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)\n\n\nMitigation     \n\nVendor recommends upgrading to PNMSS firmware 2.5.0.2 or later. \nAlternatively, please contact IBM for technical support.   \n\n\nDisclosure Timeline \n\n2009, November 07: Vulnerabilities discovered and documented\n2009, November 08: Notification sent to IBM\n2009, November 09: IBM acknowledges receiving the report \n2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues\n2010, September 12: MVSA-10-006 advisory published. \n\n\nCredits\n\nDr. Marian Ventuneac\nhttp://ventuneac.net\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "db": "PACKETSTORM",
        "id": "93798"
      }
    ],
    "trust": 1.8
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-42758",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0153",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20100912 MVSA-10-006 / CVE-2010-0153 - IBM PROVENTIA NETWORK MAIL SECURITY SYSTEM - CROSS-SITE REQUEST FORGERY VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "93798",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-42758",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "PACKETSTORM",
        "id": "93798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "id": "VAR-201009-0013",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T23:03:18.600000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Proventia Network Mail Security System",
        "trust": 0.8,
        "url": "http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.ventuneac.net/security-advisories/mvsa-10-006"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/513627/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0153"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0153"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/513627/100/0/threaded"
      },
      {
        "trust": 0.1,
        "url": "http://ventuneac.net"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0153"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "PACKETSTORM",
        "id": "93798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "db": "PACKETSTORM",
        "id": "93798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "date": "2010-09-14T01:00:51",
        "db": "PACKETSTORM",
        "id": "93798"
      },
      {
        "date": "2010-09-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "date": "2010-09-14T17:00:01.387000",
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42758"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      },
      {
        "date": "2010-09-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2010-0153"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM PNMSS Appliance  LMI Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002929"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-113"
      }
    ],
    "trust": 0.6
  }
}

