{ "id": "CVE-2010-2655", "sourceIdentifier": "cve@mitre.org", "published": "2010-07-08T12:54:47.177", "lastModified": "2024-11-21T01:17:06.350", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en private/file_management.php en el BladeCenter de IBM con el Advanced Management Module (AMM) firmware build ID BPET48L, y posiblemente otras versiones antes de v4.7 y v5.0, permite a usuarios remotos autenticados listar directorios a su elecci\u00f3n y posiblemente tener otro impacto no especificado a trav\u00e9s de un .. (punto punto) en el par\u00e1metro DIR." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*", "versionEndIncluding": "2.48", "matchCriteriaId": "AC52F58A-CC17-48B4-ABB1-7470AE5FFBDE" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "478D3D8F-338F-494A-A3FF-5B1007DD90CF" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "DF211E79-BC73-4D6A-8153-19AEE82345D4" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "231325FC-D582-41B6-8CF4-07FEE414D19B" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*", "matchCriteriaId": "F2F265EA-4CDD-4B6F-9212-74D395F6034A" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "7A01662B-8A72-4011-AA27-5A12C6B56FDA" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*", "matchCriteriaId": "9DFF42E1-162B-46EA-BDB6-E3452201550A" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*", "matchCriteriaId": "BBFF96E9-59AB-40D8-A531-7FB36A4B1E84" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*", "matchCriteriaId": "EACAF1A3-EADC-4E15-AE0C-76F6E1FE5219" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:e:*:*:*:*:*:*", "matchCriteriaId": "0E5AA726-67C7-43EF-AB4C-DC9EC2AB39A5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:h:*:*:*:*:*:*", "matchCriteriaId": "0B967754-11D2-4903-AB8E-6608FD0FD836" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:i:*:*:*:*:*:*", "matchCriteriaId": "1F293BB5-4169-49EC-8DF4-3F0575F7F4D3" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.26:k:*:*:*:*:*:*", "matchCriteriaId": "178B4552-5FE7-439F-86C4-5123F23F4117" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.28:g:*:*:*:*:*:*", "matchCriteriaId": "F58BC7F2-438E-4681-9741-7A8DC581DE3B" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.32:d:*:*:*:*:*:*", "matchCriteriaId": "86CF34AF-A48D-4CE0-9144-5209A16C9C86" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:b:*:*:*:*:*:*", "matchCriteriaId": "A555F94B-2D23-4ED6-947C-CBEC1A2768C1" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.34:e:*:*:*:*:*:*", "matchCriteriaId": "AEC68099-D84F-4516-8D6A-3580F49DF4B0" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:d:*:*:*:*:*:*", "matchCriteriaId": "304A13AA-E04B-43B6-84DD-3235170F5C55" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:g:*:*:*:*:*:*", "matchCriteriaId": "F26C2C6D-D2E1-42D6-A700-53AD1D3A3876" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:h:*:*:*:*:*:*", "matchCriteriaId": "5F61FF30-2B40-44A3-8257-69E92EC0DE23" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.36:k:*:*:*:*:*:*", "matchCriteriaId": "EF1B6195-649E-4577-99F3-B04C0B762FF4" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:d:*:*:*:*:*:*", "matchCriteriaId": "377C2D86-620B-4BC8-A118-9B52EBC609D5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:f:*:*:*:*:*:*", "matchCriteriaId": "E9BB015A-30D6-4942-BAC6-DD96E151B8CA" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:i:*:*:*:*:*:*", "matchCriteriaId": "7B916267-C840-48C5-B3DC-73BCDA9C91C8" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:n:*:*:*:*:*:*", "matchCriteriaId": "6D979D22-C158-41DE-8AFA-EF3C040B1F58" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:o:*:*:*:*:*:*", "matchCriteriaId": "66B0F30E-1E3F-4BD4-BE24-0A26C4CA56E1" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:1.42:t:*:*:*:*:*:*", "matchCriteriaId": "2C927655-9D61-4921-AA51-27E7D6A2007C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:c:*:*:*:*:*:*", "matchCriteriaId": "1ED4EBB8-760C-4DA6-8404-3BB104D08656" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.46:j:*:*:*:*:*:*", "matchCriteriaId": "C65476D1-5104-4DE1-B0DF-FBD811F74ACB" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:c:*:*:*:*:*:*", "matchCriteriaId": "A2F8CD93-5278-43F6-87E0-0FED8ACD330A" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:d:*:*:*:*:*:*", "matchCriteriaId": "6460DE58-67FA-44AE-B20F-A60BAC07F516" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:g:*:*:*:*:*:*", "matchCriteriaId": "54EAE737-288C-4F0E-A510-44C8B4B94E70" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.48:n:*:*:*:*:*:*", "matchCriteriaId": "D29A5D9C-E5F7-4228-A63F-82F2A55E242E" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:c:*:*:*:*:*:*", "matchCriteriaId": "EA87A054-0FF2-407C-95C7-21CC7C98801C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:g:*:*:*:*:*:*", "matchCriteriaId": "8BDD8DB8-3B3B-4A10-BEF5-703D6DB7E874" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:k:*:*:*:*:*:*", "matchCriteriaId": "0D10BE3E-7AB3-4F75-BB38-BB9EB5D27BC7" }, { "vulnerable": true, "criteria": "cpe:2.3:h:ibm:advanced_management_module:2.50:p:*:*:*:*:*:*", "matchCriteriaId": "2274C274-E094-4F01-9D81-B5FC1FAD3F8D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:bladecenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8C9F62C-79C0-4079-824C-E076DA20CE2F" } ] } ] } ], "references": [ { "url": "http://dsecrg.com/pages/vul/show.php?id=154", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://osvdb.org/66124", "source": "cve@mitre.org" }, { "url": "http://www.exploit-db.com/exploits/14237/", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.securityfocus.com/bid/41383", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://dsecrg.com/pages/vul/show.php?id=154", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://osvdb.org/66124", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.exploit-db.com/exploits/14237/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://www.securityfocus.com/bid/41383", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] } ] }