Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2655Path Traversal in IBM Advanced Management Module

CWE-22Path Traversal4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
19.1%
top 4.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Advanced Management Module
Timeline
PublishedJul 8
Latest updateMay 17

Description

Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8rpw-q347-h7pp: Directory traversal vulnerability in private/file_management2022-05-17
CVEList
CVE-2010-2655: Directory traversal vulnerability in private/file_management2010-07-07

💥Exploits & PoCs

1
Exploit-DB
IBM Bladecenter Management - Multiple Web Application Vulnerabilities2010-07-06
CVE-2010-2655 — Path Traversal in IBM | cvebase