CVE-2016-8232

Published Mar 1, 2017

Last updated 8 years ago

CVSS medium 6.1

Overview

Description: Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
Source: psirt@lenovo.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "734EBD6A-8615-4B4A-A1A9-EB603B1276E0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "357307A8-421E-4433-A985-505565B0830A"
          },
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20"
          },
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0"
          },
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D"
          },
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347"
          },
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References