CVE-2019-6159

Published Aug 19, 2019

Last updated 2 years ago

CVSS medium 6.1

Overview

Description: A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.
Source: psirt@lenovo.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 9.6
Impact score: 6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:bladecenter_hs22_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19DB7A3E-AFE1-406F-AB60-3848CC85BB00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:bladecenter_hs22:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD698858-B7AD-404C-9141-87948A51F871"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:bladecenter_hs22v_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74538C0A-EE12-469C-8303-4D65E598DFF6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:bladecenter_hs22v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8CCA67C1-AE2C-4DDE-BC7F-1439B0E80288"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:bladecenter_hx5_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "154A801B-3CEF-4AB7-A554-C8A7B4C11A76"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:bladecenter_hx5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5901DC1B-D4CD-4955-B1EB-0EE8E34688BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x_idataplex_dx360_m2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3B095BD-124F-4919-B477-FE57D6A9BF03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x_idataplex_dx360_m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "413A51BC-9AED-47B6-AC01-A867118BB846"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x_idataplex_dx360_m3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1D49A78-B695-4B42-B7EB-56267F286D8C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x_idataplex_dx360_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A235F07E-4C7D-4300-82C2-73D987BEBD55"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3400_m3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E2A83CB-F960-414F-A3C6-64A4EC77E0C8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3400_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C78F12A2-C3A9-4754-8936-F1A1AA7A0741"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3500_m2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "176EAD9B-8403-4702-97BE-850B33B49A5D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3500_m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F958AB79-A9E9-4D3C-96C3-1BD7DFA6F274"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3500_m3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3680B05-7432-44B1-82D6-95F3598E96DD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3500_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2762EBC-09E6-481F-B8DD-28D20F0E92B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3550_m3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F28C42BC-7DCB-444C-9A13-80CBA442FC9A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3550_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "64CC09C8-A009-4B56-AD5A-8CE6327862F1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3560_m2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ED187EF-D62D-4EAE-94AE-9671E9906A70"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3560_m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F15134C2-6045-4F3F-92C9-DA9CE0DC9ABD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3630_m3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBF080B5-E466-4625-866C-044319D58AE0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3630_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D8BDFEC5-95CF-4FCC-8922-15FEC01DD313"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3650_m3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F4157C7-916B-43B9-A9E2-CABC22A66232"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3650_m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A50525C0-5A4C-4980-9985-E36636BE7721"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3690_x5_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92B78958-E14F-4A28-876B-BBE79710E6E0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3690_x5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A67A428-427A-4D48-9E4A-F6287B820ED4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3850_x5_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12FA6BD9-5F06-4CE6-A6AF-AF49CCE81AC4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3850_x5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B2B63F6-10AB-41AF-BE1D-2E7D5948680C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:system_x3950_x5_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E49C52DD-0C8E-4CD9-B2B4-BCDF14DDF005"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:system_x3950_x5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E493B7DC-848C-4337-BFDB-BE87C907CC32"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References