CVE-2010-2655

Name of the Vulnerable Software and Affected Versions IBM BladeCenter with Advanced Management Module (AMM) firmware versions prior to 4.7 and 5.0 IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L

Description The issue allows remote authenticated users to list arbitrary directories and possibly have other unspecified impacts via a .. (dot dot) in the DIR parameter in the private/file management.php file.

Recommendations For IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, update to a version after BPET48L. For IBM BladeCenter with Advanced Management Module (AMM) firmware versions prior to 4.7, update to version 4.7 or later. For IBM BladeCenter with Advanced Management Module (AMM) firmware version 5.0, ensure you are running the latest patch for this version. As a temporary workaround, consider restricting access to the private/file management.php file until a patch is available. Avoid using the DIR parameter in the private/file management.php file with untrusted input until the issue is resolved.