Directory Traversal Vulnerability in IBM BladeCenter Advanced Management Module
CVE-2010-2655

Currently unrated

Key Information:

Vendor: IBM
Status: Advanced Management Module
Vendor: CVE Published:; 8 July 2010

What is CVE-2010-2655?

A directory traversal vulnerability exists in the IBM BladeCenter Advanced Management Module's file management functionality. This flaw enables remote authenticated users to navigate the directory structure by employing the '..' (dot dot) sequence in the DIR parameter. As a result, malicious users can potentially list arbitrary directories, leading to unauthorized access to sensitive information and system configuration files.

References

http://www.exploit-db.com/exploits/14237/

exploitx_refsource_EXPLOIT-DB

http://osvdb.org/66124

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/41383

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2010
Vulnerability Reserved
Jul 7, 2010