Cross-Site Scripting Vulnerability in Lenovo Advanced Management Module
CVE-2016-8232

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Lenovo IBM Bladecenter Hs22, Hs22v, Hs23, Hs23e, Hx5 Earlier Than 66z
Vendor
CVE Published:
1 March 2017

Summary

The Advanced Management Module (AMM) for Lenovo's BladeCenter systems contains a DOM-based cross-site scripting vulnerability. This issue allows an unauthenticated attacker, who has network access to the AMM's IP address, to exploit the vulnerability by sending a specially crafted URL. Successful exploitation can lead to the injection of malicious scripts, which may grant the attacker unauthorized access to sensitive user data, including cookies and session information.

Affected Version(s)

Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z

References

https://support.lenovo.com/us/en/product_security/LEN-5700
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/121443
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/95839
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.