CVE-2010-2656

The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
ibmadvanced_management_module
𝑥
≤ 2.48
ibmadvanced_management_module
1.00
ibmadvanced_management_module
1.01
ibmadvanced_management_module
1.20
ibmadvanced_management_module
1.20:f
ibmadvanced_management_module
1.25
ibmadvanced_management_module
1.25:e
ibmadvanced_management_module
1.25:i
ibmadvanced_management_module
1.26:b
ibmadvanced_management_module
1.26:e
ibmadvanced_management_module
1.26:h
ibmadvanced_management_module
1.26:i
ibmadvanced_management_module
1.26:k
ibmadvanced_management_module
1.28:g
ibmadvanced_management_module
1.32:d
ibmadvanced_management_module
1.34:b
ibmadvanced_management_module
1.34:e
ibmadvanced_management_module
1.36:d
ibmadvanced_management_module
1.36:g
ibmadvanced_management_module
1.36:h
ibmadvanced_management_module
1.36:k
ibmadvanced_management_module
1.42:d
ibmadvanced_management_module
1.42:f
ibmadvanced_management_module
1.42:i
ibmadvanced_management_module
1.42:n
ibmadvanced_management_module
1.42:o
ibmadvanced_management_module
1.42:t
ibmadvanced_management_module
2.46:c
ibmadvanced_management_module
2.46:j
ibmadvanced_management_module
2.48:c
ibmadvanced_management_module
2.48:d
ibmadvanced_management_module
2.48:g
ibmadvanced_management_module
2.48:n
ibmadvanced_management_module
2.50:c
ibmadvanced_management_module
2.50:g
ibmadvanced_management_module
2.50:k
ibmadvanced_management_module
2.50:p
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dsecrg.com/pages/vul/show.php?id=154
http://osvdb.org/66123
http://www.exploit-db.com/exploits/14237/
http://www.securityfocus.com/bid/41383
http://dsecrg.com/pages/vul/show.php?id=154
http://osvdb.org/66123
http://www.exploit-db.com/exploits/14237/
http://www.securityfocus.com/bid/41383