Описание
IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:ibm:hardware_management_console_r10.0_firmware:10.0.245.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:hardware_management_console_r10.0_firmware:10.1.3.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:hardware_management_console_r10.0:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:ibm:hardware_management_console_r9.4_firmware:89.40.83.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:hardware_management_console_r9.4_firmware:89.41.25.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:hardware_management_console_r9.4_firmware:89.42.18.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:hardware_management_console_r9.4:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
Одно из
cpe:2.3:o:ibm:hardware_management_console_r9.3_firmware:89.33.45.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:hardware_management_console_r9.3_firmware:89.33.52.0:*:*:*:*:*:*:*
cpe:2.3:h:ibm:hardware_management_console_r9.3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.0002
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.5
github
9 месяцев назад
IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
EPSS
Процентиль: 4%
0.0002
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79