PT-2010-4178 · Ibm · Advanced Management Module+1

Published

2010-07-07

Updated

2010-07-20

CVE-2010-2656

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM BladeCenter with Advanced Management Module (AMM) versions prior to 4.7 and 5.0 IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L

Description The issue allows remote attackers to download sensitive information, including logs or core files, due to insufficient access control. This can be achieved via direct requests, such as a request for "private/sdc.tgz".

Recommendations For IBM BladeCenter with Advanced Management Module (AMM) versions prior to 4.7 and 5.0, update to version 4.7 or 5.0 to resolve the issue. For IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, update to a version later than BPET48L to resolve the issue. As a temporary workaround, consider restricting access to sensitive files under the web root to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-2656

Affected Products

Advanced Management Module

Ibm Bladecenter

PT-2010-4178 · Ibm · Advanced Management Module+1

CVE-2010-2656

Weakness Enumeration

Related Identifiers

Affected Products

References · 6