Information Disclosure Vulnerability in IBM BladeCenter AMM Firmware
CVE-2010-2656

Currently unrated

Key Information:

Vendor: IBM
Status: Advanced Management Module
Vendor: CVE Published:; 8 July 2010

Summary

The IBM BladeCenter with Advanced Management Module (AMM) firmware, specifically build BPET48L and potentially earlier versions, has a critical issue concerning insufficient access controls. This vulnerability permits local or remote attackers to access and retrieve sensitive files, such as logs and core dumps, by making direct requests to stored files within the web root directory. This exposure could lead to significant data leaks and unauthorized system interactions if exploited.

References

http://www.exploit-db.com/exploits/14237/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/41383

vdb-entryx_refsource_BID

http://dsecrg.com/pages/vul/show.php?id=154

x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 8, 2010
Vulnerability Reserved
Jul 7, 2010