What is the severity of CVE-2010-2656?

CVE-2010-2656 is considered a high severity vulnerability due to its potential to expose sensitive information.

How do I fix CVE-2010-2656?

To fix CVE-2010-2656, it is recommended to update the IBM Advanced Management Module firmware to version 4.7 or later.

What type of information can be exposed in CVE-2010-2656?

CVE-2010-2656 can expose sensitive log files and core files allowing attackers to gain insight into the system.

Who is affected by CVE-2010-2656?

Users of the IBM BladeCenter with Advanced Management Module firmware versions before 4.7 and 5.0 are affected by CVE-2010-2656.

Can CVE-2010-2656 be exploited remotely?

Yes, CVE-2010-2656 can be exploited remotely by attackers to download sensitive files.

Vulnerability/
CVE-2010-2656

medium

CWE

264

7/7/2010

7/8/2024

CVE-2010-2656

First published: Wed Jul 07 2010(Updated: )

The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ibm Advanced Management Module	<=2.48
Ibm Advanced Management Module	=1.00
Ibm Advanced Management Module	=1.01
Ibm Advanced Management Module	=1.20
Ibm Advanced Management Module	=1.20-f
Ibm Advanced Management Module	=1.25
Ibm Advanced Management Module	=1.25-e
Ibm Advanced Management Module	=1.25-i
Ibm Advanced Management Module	=1.26-b
Ibm Advanced Management Module	=1.26-e
Ibm Advanced Management Module	=1.26-h
Ibm Advanced Management Module	=1.26-i
Ibm Advanced Management Module	=1.26-k
Ibm Advanced Management Module	=1.28-g
Ibm Advanced Management Module	=1.32-d
Ibm Advanced Management Module	=1.34-b
Ibm Advanced Management Module	=1.34-e
Ibm Advanced Management Module	=1.36-d
Ibm Advanced Management Module	=1.36-g
Ibm Advanced Management Module	=1.36-h
Ibm Advanced Management Module	=1.36-k
Ibm Advanced Management Module	=1.42-d
Ibm Advanced Management Module	=1.42-f
Ibm Advanced Management Module	=1.42-i
Ibm Advanced Management Module	=1.42-n
Ibm Advanced Management Module	=1.42-o
Ibm Advanced Management Module	=1.42-t
Ibm Advanced Management Module	=2.46-c
Ibm Advanced Management Module	=2.46-j
Ibm Advanced Management Module	=2.48-c
Ibm Advanced Management Module	=2.48-d
Ibm Advanced Management Module	=2.48-g
Ibm Advanced Management Module	=2.48-n
Ibm Advanced Management Module	=2.50-c
Ibm Advanced Management Module	=2.50-g
Ibm Advanced Management Module	=2.50-k
Ibm Advanced Management Module	=2.50-p
IBM BladeCenter

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2656?
CVE-2010-2656 is considered a high severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2010-2656?
To fix CVE-2010-2656, it is recommended to update the IBM Advanced Management Module firmware to version 4.7 or later.
What type of information can be exposed in CVE-2010-2656?
CVE-2010-2656 can expose sensitive log files and core files allowing attackers to gain insight into the system.
Who is affected by CVE-2010-2656?
Users of the IBM BladeCenter with Advanced Management Module firmware versions before 4.7 and 5.0 are affected by CVE-2010-2656.
Can CVE-2010-2656 be exploited remotely?
Yes, CVE-2010-2656 can be exploited remotely by attackers to download sensitive files.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm advanced management module
version/ibm advanced management module/2.48
version/ibm advanced management module/1.00
version/ibm advanced management module/1.01
version/ibm advanced management module/1.20
version/ibm advanced management module/1.20-f
version/ibm advanced management module/1.25
version/ibm advanced management module/1.25-e
version/ibm advanced management module/1.25-i
version/ibm advanced management module/1.26-b
version/ibm advanced management module/1.26-e
version/ibm advanced management module/1.26-h
version/ibm advanced management module/1.26-i
version/ibm advanced management module/1.26-k
version/ibm advanced management module/1.28-g
version/ibm advanced management module/1.32-d
version/ibm advanced management module/1.34-b
version/ibm advanced management module/1.34-e
version/ibm advanced management module/1.36-d
version/ibm advanced management module/1.36-g
version/ibm advanced management module/1.36-h
version/ibm advanced management module/1.36-k
version/ibm advanced management module/1.42-d
version/ibm advanced management module/1.42-f
version/ibm advanced management module/1.42-i
version/ibm advanced management module/1.42-n
version/ibm advanced management module/1.42-o
version/ibm advanced management module/1.42-t
version/ibm advanced management module/2.46-c
version/ibm advanced management module/2.46-j
version/ibm advanced management module/2.48-c
version/ibm advanced management module/2.48-d
version/ibm advanced management module/2.48-g
version/ibm advanced management module/2.48-n
version/ibm advanced management module/2.50-c
version/ibm advanced management module/2.50-g
version/ibm advanced management module/2.50-k
version/ibm advanced management module/2.50-p
canonical/ibm bladecenter

CVE-2010-2656

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2656?

How do I fix CVE-2010-2656?

What type of information can be exposed in CVE-2010-2656?

Who is affected by CVE-2010-2656?

Can CVE-2010-2656 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2010-2656?

How do I fix CVE-2010-2656?

What type of information can be exposed in CVE-2010-2656?

Who is affected by CVE-2010-2656?

Can CVE-2010-2656 be exploited remotely?