CVE-2010-2655

IBM Advanced Management Module < 2.48 - Authenticated Path Traversal via DIR Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2655. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in IBM BladeCenter Management Module, including XSS, directory traversal, and unauthorized access. It provides specific exploit URLs and describes the impact of each vulnerability.

Description

Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alexey Sintsov · textwebappsphp

https://www.exploit-db.com/exploits/14237

View Code ZIP pw:eip

The advisory details multiple vulnerabilities in IBM BladeCenter Management Module, including XSS, directory traversal, and unauthorized access. It provides specific exploit URLs and describes the impact of each vulnerability.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: IBM BladeCenter Management Module BPET48L and possibly other versions

Auth required

Prerequisites: Network access to the BladeCenter management interface · Authorization for directory listing vulnerability

MITRE ATT&CK

T1059.007 - JavaScript T1083 - File and Directory Discovery T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14237/

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/66124

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/41383

Exploit x_refsource_misc

http://dsecrg.com/pages/vul/show.php?id=154

Scores

EPSS 0.0229

EPSS Percentile 81.0%

Details

CWE

CWE-22

Status published

Products (14)

ibm/advanced_management_module 1.00

ibm/advanced_management_module 1.01

ibm/advanced_management_module 1.20 (2 CPE variants)

ibm/advanced_management_module 1.25 (3 CPE variants)

ibm/advanced_management_module 1.26 b (5 CPE variants)

ibm/advanced_management_module 1.28 g

ibm/advanced_management_module 1.32 d

ibm/advanced_management_module 1.34 b (2 CPE variants)

ibm/advanced_management_module 1.36 d (4 CPE variants)

ibm/advanced_management_module 1.42 d (6 CPE variants)

... and 4 more

Published Jul 08, 2010

Tracked Since Feb 18, 2026