CVE-2010-2656

IBM BladeCenter - Info Disclosure


Description

The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alexey Sintsov · text · webapps · php
https://www.exploit-db.com/exploits/14237

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14237/
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41383
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66123

Scores

EPSS 0.1722
EPSS Percentile 95.0%

Details

CWE
CWE-264
Status published
Products (14)
ibm/advanced_management_module 1.00
ibm/advanced_management_module 1.01
ibm/advanced_management_module 1.20 (2 CPE variants)
ibm/advanced_management_module 1.25 (3 CPE variants)
ibm/advanced_management_module 1.26 b (5 CPE variants)
ibm/advanced_management_module 1.28 g
ibm/advanced_management_module 1.32 d
ibm/advanced_management_module 1.34 b (2 CPE variants)
ibm/advanced_management_module 1.36 d (4 CPE variants)
ibm/advanced_management_module 1.42 d (6 CPE variants)
... and 4 more
Published Jul 08, 2010
Tracked Since Feb 18, 2026