← Back

CVE-2016-8232

nvd nist
Published: Mar 1, 2017Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.

Affected (1)

Ibm
1 product
Advanced Management Module Firmware
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Advanced Management Module Firmware
All versions
Running on/withPlatform Versions
Ibm
Advanced Management Module
All versions
Ibm
Bladecenter
Version hs22
Ibm
Bladecenter
Version hs22v
Ibm
Bladecenter
Version hs23
Ibm
Bladecenter
Version hs23e
Ibm
Bladecenter
Version hx5

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: psirt@lenovo.com
Third Party AdvisoryVDB Entry
Source: psirt@lenovo.com
Third Party Advisory
Source: psirt@lenovo.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.