Cross-Site Scripting Vulnerability in Lenovo Advanced Management Module
CVE-2016-8232
6.1MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 1 March 2017
Summary
The Advanced Management Module (AMM) for Lenovo's BladeCenter systems contains a DOM-based cross-site scripting vulnerability. This issue allows an unauthenticated attacker, who has network access to the AMM's IP address, to exploit the vulnerability by sending a specially crafted URL. Successful exploitation can lead to the injection of malicious scripts, which may grant the attacker unauthorized access to sensitive user data, including cookies and session information.
Affected Version(s)
Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved