CVE-2016-8232
Summary
| CVE | CVE-2016-8232 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-01 21:59:00 UTC |
| Updated | 2017-03-15 17:27:00 UTC |
| Description | Document Object Model (DOM)-based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | IBM | Advanced Management Module | - | All | All | All |
| Operating System | IBM | Advanced Management Module Firmware | - | All | All | All |
| Hardware | IBM | BladeCenter | hs22 | All | All | All |
| Hardware | IBM | BladeCenter | hs22v | All | All | All |
| Hardware | IBM | BladeCenter | hs23 | All | All | All |
| Hardware | IBM | BladeCenter | hs23e | All | All | All |
| Hardware | IBM | BladeCenter | hx5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| DOM-Based Cross-Site Scripting Vulnerability in the Advanced Management Module (AMM) - US | CONFIRM | support.lenovo.com | Vendor Advisory |
| IBM BladeCenter Advanced Management Module CVE-2016-8232 Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.