CVE-2010-2656

EUVD-2010-2660
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
ibmadvanced_management_module
𝑥
≤ 2.48
ibmadvanced_management_module
1.00
ibmadvanced_management_module
1.01
ibmadvanced_management_module
1.20
ibmadvanced_management_module
1.20:f
ibmadvanced_management_module
1.25
ibmadvanced_management_module
1.25:e
ibmadvanced_management_module
1.25:i
ibmadvanced_management_module
1.26:b
ibmadvanced_management_module
1.26:e
ibmadvanced_management_module
1.26:h
ibmadvanced_management_module
1.26:i
ibmadvanced_management_module
1.26:k
ibmadvanced_management_module
1.28:g
ibmadvanced_management_module
1.32:d
ibmadvanced_management_module
1.34:b
ibmadvanced_management_module
1.34:e
ibmadvanced_management_module
1.36:d
ibmadvanced_management_module
1.36:g
ibmadvanced_management_module
1.36:h
ibmadvanced_management_module
1.36:k
ibmadvanced_management_module
1.42:d
ibmadvanced_management_module
1.42:f
ibmadvanced_management_module
1.42:i
ibmadvanced_management_module
1.42:n
ibmadvanced_management_module
1.42:o
ibmadvanced_management_module
1.42:t
ibmadvanced_management_module
2.46:c
ibmadvanced_management_module
2.46:j
ibmadvanced_management_module
2.48:c
ibmadvanced_management_module
2.48:d
ibmadvanced_management_module
2.48:g
ibmadvanced_management_module
2.48:n
ibmadvanced_management_module
2.50:c
ibmadvanced_management_module
2.50:g
ibmadvanced_management_module
2.50:k
ibmadvanced_management_module
2.50:p
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dsecrg.com/pages/vul/show.php?id=154
http://osvdb.org/66123
http://www.exploit-db.com/exploits/14237/
http://www.securityfocus.com/bid/41383
http://dsecrg.com/pages/vul/show.php?id=154
http://osvdb.org/66123
http://www.exploit-db.com/exploits/14237/
http://www.securityfocus.com/bid/41383