Strix
26.1K

CVE-2010-2654

UnknownEPSS 2.28%

Last modified

CVE-2010-2654 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.

Metrics

EPSS Probability
2.28%

80.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
IbmAdvanced Management Module<= 2.48L
IbmAdvanced Management Module<= 3.54G
IbmAdvanced Management Module1.00
IbmAdvanced Management Module1.01
IbmAdvanced Management Module1.20
IbmAdvanced Management Module1.25
IbmAdvanced Management Module1.26B
IbmAdvanced Management Module1.28G
IbmAdvanced Management Module1.32D
IbmAdvanced Management Module1.34B
IbmAdvanced Management Module1.36D
IbmAdvanced Management Module1.42D
IbmAdvanced Management Module2.46C
IbmAdvanced Management Module2.48C
IbmAdvanced Management Module2.50C
IbmAdvanced Management Module3.54D

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-2654?
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
How severe is CVE-2010-2654?
Severity scoring for CVE-2010-2654 is pending analysis. The EPSS model estimates a 2.28% probability of exploitation in the next 30 days.
How do I fix CVE-2010-2654?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2654?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST