CVE-2010-2656

Name of the Vulnerable Software and Affected Versions IBM BladeCenter with Advanced Management Module (AMM) versions prior to 4.7 and 5.0 IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L

Description The issue allows remote attackers to download sensitive information, including logs or core files, due to insufficient access control. This can be achieved via direct requests, such as a request for "private/sdc.tgz".

Recommendations For IBM BladeCenter with Advanced Management Module (AMM) versions prior to 4.7 and 5.0, update to version 4.7 or 5.0 to resolve the issue. For IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, update to a version later than BPET48L to resolve the issue. As a temporary workaround, consider restricting access to sensitive files under the web root to minimize the risk of exploitation.