CVE-2010-2656

IBM Advanced Management Module < 2.48 - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2656. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in IBM BladeCenter Management Module, including XSS, directory traversal, and unauthorized access. It provides specific exploit URLs and describes the impact of each vulnerability.

Description

The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alexey Sintsov · textwebappsphp

https://www.exploit-db.com/exploits/14237

View Code ZIP pw:eip

The advisory details multiple vulnerabilities in IBM BladeCenter Management Module, including XSS, directory traversal, and unauthorized access. It provides specific exploit URLs and describes the impact of each vulnerability.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: IBM BladeCenter Management Module BPET48L and possibly other versions

Auth required

Prerequisites: Network access to the BladeCenter management interface · Authorization for directory listing vulnerability

MITRE ATT&CK

T1059.007 - JavaScript T1083 - File and Directory Discovery T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14237/

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/41383

Exploit x_refsource_misc

http://dsecrg.com/pages/vul/show.php?id=154

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/66123

Scores

EPSS 0.0246

EPSS Percentile 82.3%

Details

CWE

CWE-264

Status published

Products (14)

ibm/advanced_management_module 1.00

ibm/advanced_management_module 1.01

ibm/advanced_management_module 1.20 (2 CPE variants)

ibm/advanced_management_module 1.25 (3 CPE variants)

ibm/advanced_management_module 1.26 b (5 CPE variants)

ibm/advanced_management_module 1.28 g

ibm/advanced_management_module 1.32 d

ibm/advanced_management_module 1.34 b (2 CPE variants)

ibm/advanced_management_module 1.36 d (4 CPE variants)

ibm/advanced_management_module 1.42 d (6 CPE variants)

... and 4 more

Published Jul 08, 2010

Tracked Since Feb 18, 2026