Cross-Site Scripting Vulnerabilities in IBM BladeCenter AMM Firmware
CVE-2010-2654

Currently unrated

Key Information:

Vendor: IBM
Status: Advanced Management Module
Vendor: CVE Published:; 8 July 2010

Summary

The IBM BladeCenter with Advanced Management Module (AMM) firmware is susceptible to multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can exploit these vulnerabilities to inject arbitrary web scripts or HTML by manipulating several parameters within specific PHP files, including 'INDEX', 'IPADDR', 'domain', 'slot', 'WEBINDEX', and 'SLOT'. This can lead to unauthorized access, data theft, or service disruption if not properly secured. Stakeholders should promptly review their systems for the affected versions and apply necessary updates.

References

http://www.exploit-db.com/exploits/14237/

exploitx_refsource_EXPLOIT-DB

http://osvdb.org/66125

vdb-entryx_refsource_OSVDB

http://osvdb.org/66128

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jul 8, 2010
Vulnerability Reserved
Jul 7, 2010