CVE-2010-2656
First published: Wed Jul 07 2010(Updated: )
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Advanced Management Module Firmware | <=2.48 | |
| IBM Advanced Management Module Firmware | =1.00 | |
| IBM Advanced Management Module Firmware | =1.01 | |
| IBM Advanced Management Module Firmware | =1.20 | |
| IBM Advanced Management Module Firmware | =1.20-f | |
| IBM Advanced Management Module Firmware | =1.25 | |
| IBM Advanced Management Module Firmware | =1.25-e | |
| IBM Advanced Management Module Firmware | =1.25-i | |
| IBM Advanced Management Module Firmware | =1.26-b | |
| IBM Advanced Management Module Firmware | =1.26-e | |
| IBM Advanced Management Module Firmware | =1.26-h | |
| IBM Advanced Management Module Firmware | =1.26-i | |
| IBM Advanced Management Module Firmware | =1.26-k | |
| IBM Advanced Management Module Firmware | =1.28-g | |
| IBM Advanced Management Module Firmware | =1.32-d | |
| IBM Advanced Management Module Firmware | =1.34-b | |
| IBM Advanced Management Module Firmware | =1.34-e | |
| IBM Advanced Management Module Firmware | =1.36-d | |
| IBM Advanced Management Module Firmware | =1.36-g | |
| IBM Advanced Management Module Firmware | =1.36-h | |
| IBM Advanced Management Module Firmware | =1.36-k | |
| IBM Advanced Management Module Firmware | =1.42-d | |
| IBM Advanced Management Module Firmware | =1.42-f | |
| IBM Advanced Management Module Firmware | =1.42-i | |
| IBM Advanced Management Module Firmware | =1.42-n | |
| IBM Advanced Management Module Firmware | =1.42-o | |
| IBM Advanced Management Module Firmware | =1.42-t | |
| IBM Advanced Management Module Firmware | =2.46-c | |
| IBM Advanced Management Module Firmware | =2.46-j | |
| IBM Advanced Management Module Firmware | =2.48-c | |
| IBM Advanced Management Module Firmware | =2.48-d | |
| IBM Advanced Management Module Firmware | =2.48-g | |
| IBM Advanced Management Module Firmware | =2.48-n | |
| IBM Advanced Management Module Firmware | =2.50-c | |
| IBM Advanced Management Module Firmware | =2.50-g | |
| IBM Advanced Management Module Firmware | =2.50-k | |
| IBM Advanced Management Module Firmware | =2.50-p | |
| IBM BladeCenter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2656?
CVE-2010-2656 is considered a high severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2010-2656?
To fix CVE-2010-2656, it is recommended to update the IBM Advanced Management Module firmware to version 4.7 or later.
What type of information can be exposed in CVE-2010-2656?
CVE-2010-2656 can expose sensitive log files and core files allowing attackers to gain insight into the system.
Who is affected by CVE-2010-2656?
Users of the IBM BladeCenter with Advanced Management Module firmware versions before 4.7 and 5.0 are affected by CVE-2010-2656.
Can CVE-2010-2656 be exploited remotely?
Yes, CVE-2010-2656 can be exploited remotely by attackers to download sensitive files.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm advanced management module firmware
- version/ibm advanced management module firmware/2.48
- version/ibm advanced management module firmware/1.00
- version/ibm advanced management module firmware/1.01
- version/ibm advanced management module firmware/1.20
- version/ibm advanced management module firmware/1.20-f
- version/ibm advanced management module firmware/1.25
- version/ibm advanced management module firmware/1.25-e
- version/ibm advanced management module firmware/1.25-i
- version/ibm advanced management module firmware/1.26-b
- version/ibm advanced management module firmware/1.26-e
- version/ibm advanced management module firmware/1.26-h
- version/ibm advanced management module firmware/1.26-i
- version/ibm advanced management module firmware/1.26-k
- version/ibm advanced management module firmware/1.28-g
- version/ibm advanced management module firmware/1.32-d
- version/ibm advanced management module firmware/1.34-b
- version/ibm advanced management module firmware/1.34-e
- version/ibm advanced management module firmware/1.36-d
- version/ibm advanced management module firmware/1.36-g
- version/ibm advanced management module firmware/1.36-h
- version/ibm advanced management module firmware/1.36-k
- version/ibm advanced management module firmware/1.42-d
- version/ibm advanced management module firmware/1.42-f
- version/ibm advanced management module firmware/1.42-i
- version/ibm advanced management module firmware/1.42-n
- version/ibm advanced management module firmware/1.42-o
- version/ibm advanced management module firmware/1.42-t
- version/ibm advanced management module firmware/2.46-c
- version/ibm advanced management module firmware/2.46-j
- version/ibm advanced management module firmware/2.48-c
- version/ibm advanced management module firmware/2.48-d
- version/ibm advanced management module firmware/2.48-g
- version/ibm advanced management module firmware/2.48-n
- version/ibm advanced management module firmware/2.50-c
- version/ibm advanced management module firmware/2.50-g
- version/ibm advanced management module firmware/2.50-k
- version/ibm advanced management module firmware/2.50-p
- canonical/ibm bladecenter