Lucene search

[email protected]NVD:CVE-2010-2654

HistoryJul 08, 2010 - 12:54 p.m.

CVE-2010-2654

2010-07-0812:54:47

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.

Affected configurations

Nvd

Node

ibmadvanced_management_moduleRange≤2.48l

ibmadvanced_management_moduleRange≤3.54g

ibmadvanced_management_moduleMatch1.00

ibmadvanced_management_moduleMatch1.01

ibmadvanced_management_moduleMatch1.20

ibmadvanced_management_moduleMatch1.20f

ibmadvanced_management_moduleMatch1.25

ibmadvanced_management_moduleMatch1.25e

ibmadvanced_management_moduleMatch1.25i

ibmadvanced_management_moduleMatch1.26b

ibmadvanced_management_moduleMatch1.26e

ibmadvanced_management_moduleMatch1.26h

ibmadvanced_management_moduleMatch1.26i

ibmadvanced_management_moduleMatch1.26k

ibmadvanced_management_moduleMatch1.28g

ibmadvanced_management_moduleMatch1.32d

ibmadvanced_management_moduleMatch1.34b

ibmadvanced_management_moduleMatch1.34e

ibmadvanced_management_moduleMatch1.36d

ibmadvanced_management_moduleMatch1.36g

ibmadvanced_management_moduleMatch1.36h

ibmadvanced_management_moduleMatch1.36k

ibmadvanced_management_moduleMatch1.42d

ibmadvanced_management_moduleMatch1.42f

ibmadvanced_management_moduleMatch1.42i

ibmadvanced_management_moduleMatch1.42n

ibmadvanced_management_moduleMatch1.42o

ibmadvanced_management_moduleMatch1.42t

ibmadvanced_management_moduleMatch2.46c

ibmadvanced_management_moduleMatch2.46j

ibmadvanced_management_moduleMatch2.48c

ibmadvanced_management_moduleMatch2.48d

ibmadvanced_management_moduleMatch2.48g

ibmadvanced_management_moduleMatch2.48n

ibmadvanced_management_moduleMatch2.50c

ibmadvanced_management_moduleMatch2.50g

ibmadvanced_management_moduleMatch2.50k

ibmadvanced_management_moduleMatch2.50p

ibmadvanced_management_moduleMatch3.54d

AND

ibmbladecenter

VendorProductVersionCPE
ibmadvanced_management_module*cpe:2.3:h:ibm:advanced_management_module:*:l:*:*:*:*:*:*
ibmadvanced_management_module*cpe:2.3:h:ibm:advanced_management_module:*:g:*:*:*:*:*:*
ibmadvanced_management_module1.00cpe:2.3:h:ibm:advanced_management_module:1.00:*:*:*:*:*:*:*
ibmadvanced_management_module1.01cpe:2.3:h:ibm:advanced_management_module:1.01:*:*:*:*:*:*:*
ibmadvanced_management_module1.20cpe:2.3:h:ibm:advanced_management_module:1.20:*:*:*:*:*:*:*
ibmadvanced_management_module1.20cpe:2.3:h:ibm:advanced_management_module:1.20:f:*:*:*:*:*:*
ibmadvanced_management_module1.25cpe:2.3:h:ibm:advanced_management_module:1.25:*:*:*:*:*:*:*
ibmadvanced_management_module1.25cpe:2.3:h:ibm:advanced_management_module:1.25:e:*:*:*:*:*:*
ibmadvanced_management_module1.25cpe:2.3:h:ibm:advanced_management_module:1.25:i:*:*:*:*:*:*
ibmadvanced_management_module1.26cpe:2.3:h:ibm:advanced_management_module:1.26:b:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	advanced_management_module	*	cpe:2.3:h:ibm:advanced_management_module::l::::::*
ibm	advanced_management_module	*	cpe:2.3:h:ibm:advanced_management_module::g::::::*
ibm	advanced_management_module	1.00	cpe:2.3:h:ibm:advanced_management_module:1.00:::::::*
ibm	advanced_management_module	1.01	cpe:2.3:h:ibm:advanced_management_module:1.01:::::::*
ibm	advanced_management_module	1.20	cpe:2.3:h:ibm:advanced_management_module:1.20:::::::*
ibm	advanced_management_module	1.20	cpe:2.3:h:ibm:advanced_management_module:1.20:f::::::
ibm	advanced_management_module	1.25	cpe:2.3:h:ibm:advanced_management_module:1.25:::::::*
ibm	advanced_management_module	1.25	cpe:2.3:h:ibm:advanced_management_module:1.25:e::::::
ibm	advanced_management_module	1.25	cpe:2.3:h:ibm:advanced_management_module:1.25:i::::::
ibm	advanced_management_module	1.26	cpe:2.3:h:ibm:advanced_management_module:1.26:b::::::

Rows per page:

1-10 of 401

References

dsecrg.com/pages/vul/show.php?id=154

osvdb.org/66122

osvdb.org/66125

osvdb.org/66126

osvdb.org/66127

osvdb.org/66128

osvdb.org/66129

osvdb.org/66130

www.exploit-db.com/exploits/14237/

www.securityfocus.com/bid/41383

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

Related for NVD:CVE-2010-2654

prion1 cvelist1 cve1 exploitdb1