FKIE_CVE-2010-2656
Vulnerability from fkie_nvd - Published: 2010-07-08 12:54 - Updated: 2025-04-11 00:51
Severity: Medium (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; NVD primary assessment)
Summary
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*",
"matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE",
"versionEndIncluding": "2.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*",
"matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*",
"matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*",
"matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*",
"matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*",
"matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*",
"matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*",
"matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*",
"matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*",
"matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*",
"matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*",
"matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*",
"matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*",
"matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*",
"matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*",
"matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*",
"matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*",
"matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*",
"matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*",
"matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*",
"matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*",
"matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*",
"matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*",
"matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*",
"matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*",
"matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*",
"matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*",
"matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*",
"matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*",
"matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*",
"matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*",
"matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*",
"matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
},
{
"lang": "es",
"value": "El BladeCenter de IBM con Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones anteriores a v4.7 y v5.0, almacena informaci\u00f3n sensible bajo la ra\u00edz web con insuficiente control de acceso, lo cual permite a los atacantes remotos descargar (1) logs o (2) archivos del n\u00facleo mediante una petici\u00f3n directa, como se ha demostrado mediante una petici\u00f3n para private/sdc.tgz."
}
],
"id": "CVE-2010-2656",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-08T12:54:47.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66123"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41383"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.