CVE-2016-8232

Опубликовано: 01 мар. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.

Ссылки

http://www.securityfocus.com/bid/95839
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/121443
Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-5700
Vendor Advisory
http://www.securityfocus.com/bid/95839
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/121443
Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-5700
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ibm:advanced_management_module_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00242

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2g27-5xv6-24x4