Vulnerability Details CVE-2010-2655
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.191
EPSS Ranking 95.0%
CVSS Severity
CVSS v2 Score 4.0
References
Products affected by CVE-2010-2655
-
cpe:2.3:h:ibm:advanced_management_module:*
-
cpe:2.3:h:ibm:advanced_management_module:1.00
-
cpe:2.3:h:ibm:advanced_management_module:1.01
-
cpe:2.3:h:ibm:advanced_management_module:1.20
-
cpe:2.3:h:ibm:advanced_management_module:1.25
-
cpe:2.3:h:ibm:advanced_management_module:1.26
-
cpe:2.3:h:ibm:advanced_management_module:1.28
-
cpe:2.3:h:ibm:advanced_management_module:1.32
-
cpe:2.3:h:ibm:advanced_management_module:1.34
-
cpe:2.3:h:ibm:advanced_management_module:1.36
-
cpe:2.3:h:ibm:advanced_management_module:1.42
-
cpe:2.3:h:ibm:advanced_management_module:2.46
-
cpe:2.3:h:ibm:advanced_management_module:2.48
-
cpe:2.3:h:ibm:advanced_management_module:2.50
-
cpe:2.3:h:ibm:bladecenter:-
-
cpe:2.3:h:ibm:bladecenter:hs22
-
cpe:2.3:h:ibm:bladecenter:hs22v
-
cpe:2.3:h:ibm:bladecenter:hs23
-
cpe:2.3:h:ibm:bladecenter:hs23e
-
cpe:2.3:h:ibm:bladecenter:hx5