CVE-2010-2654 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.96%	–	–
2022-03-27	–	–	1.96%	–	–
2022-04-03	–	–	1.96%	–	–
2022-08-28	–	–	1.96%	–	–
2023-03-12	–	–	–	0.15%	–
2023-03-19	–	–	–	0.15%	–
2023-07-23	–	–	–	0.15%	–
2023-07-30	–	–	–	0.22%	–
2024-01-28	–	–	–	0.22%	–
2024-02-11	–	–	–	0.22%	–
2024-06-02	–	–	–	0.22%	–
2024-06-09	–	–	–	0.22%	–
2024-12-22	–	–	–	0.42%	–
2025-01-19	–	–	–	0.42%	–
2025-03-18	–	–	–	–	3.44%
2025-03-30	–	–	–	–	3.44%
2025-04-15	–	–	–	–	3.44%
2025-04-15	–	–	–	–	3.44,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	56%
2022-03-27	57%
2022-04-03	77%
2022-08-28	78%
2023-03-12	49%
2023-03-19	5%
2023-07-23	51%
2023-07-30	59%
2024-01-28	6%
2024-02-11	59%
2024-06-02	59%
2024-06-09	6%
2024-12-22	74%
2025-01-19	74%
2025-03-18	87%
2025-03-30	86%
2025-04-15	87%
2025-04-15	87%

[DSECRG-09-054] IBM Bladecenter Management - Multiple vulnerabilities The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS Digital Security Research Group [DSecRG] Advisory #DSECRG-09-054 Application: IBM BladeCenter Managemet Module Versions Affected: BPET48L and may be other versions Vendor URL: http://www-03.ibm.com/systems/bladecenter/ Bug: XSS,Directory traversal, Information disclosure Exploits: YES Reported: 05.09.2009 Vendor response: 09.09.2009 Solution: YES Date of Public Advisory: 05.07.2010 Author: Sintsov Alexey from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com) Description *********** The BladeCenter management module is prone to multiple security vulnerabilities: 1 Dinamic XSS 2 Directory Listing 3 Unauthorized Access Details ******* 1. Multiple XSS vulnerabilities found in bladecenter web management Examples ******* http://[BLADECENTER]/private/cindefn.php?INDEX=3%3C/NOBR%3E%20%3Cscript%3Ealert(\'XSS1\');%3C/script%3E&VLANID=&IPADDR=3>%3Cscript%3Ealert(\'XSS2\');%3C/script%3E http://[BLADECENTER]/private/power_management_policy_options.php?domain=3<XSS> http://[BLADECENTER]/private/pm_temp.php?view=6&mod_type=3&slot=3<XSS> http://[BLADECENTER]/private/power_module.php?view=4&mod_type=4&slot=3<XSS> http://[BLADECENTER]/private/pm_temp.php?view=6&mod_type=3&slot=3<XSS> http://[BLADECENTER]/private/blade_leds.php?WEBINDEX=3<XSS> http://[BLADECENTER]/private/ipmi_bladestatus.php?SLOT=3<XSS>&save=1 2. Directory Listing vulnerability found in bladecenter web management Attacker need to be authorized. Examples ******* http://[BLADECENTER]/private/file_management.php?DIR=/../../../tmp/etc Attacker can get full access to OS files. 3. UNauthorized access Access to the sensitive data (system logs, cores) can be done by requesting a file: Examples ******* http://[BLADECENTER]/private/sdc.tgz Solution ******** All three issues were fixed in the v4.7 and v5.0 References ********* http://dsecrg.com/pages/vul/show.php?id=154 About ***** Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, ERP and SAP security assessment, certification for ISO/IEC 27001:2005 and PCI DSS and PA DSS standards. Digital Security Research Group focuses on enterprise application (ERP) and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website. Contact: research [at] dsecrg [dot] com http://www.dsecrg.com