CVE-2016-8232

MEDIUM

Lenovo IBM BladeCenter - XSS

Title source: llm

Description

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95839

[Third Party Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/121443

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-5700

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

ibm/advanced_management_module_firmware

n/a/Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z < Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z

Timeline

Published Mar 01, 2017

Tracked Since Feb 18, 2026