Cross-Site Scripting Vulnerability in IBM BladeCenter Advanced Management Module
CVE-2020-8339
Summary
A cross-site scripting inclusion (XSSI) vulnerability exists in the web interface of the legacy IBM BladeCenter Advanced Management Module (AMM). Under specific conditions it can expose user credentials. The vulnerability can be exploited when an authenticated user visits a malicious site, potentially as a result of phishing. A successful attack depends on knowledge of the user's network, and it requires the user to be logged into the AMM while accessing the malicious site with a browser that lacks inherent protection against this class of vulnerability. Notably, exploitation does not execute JavaScript on the AMM itself; it operates through the user's session.
Affected Version(s)
BladeCenter AMM firmware < 3.68n [BPET68N]
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved