CVSS3 score: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score: 5.9 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 23.1%)
This affects the BMC’s ASMi web application.
CVEID: CVE-2023-45857
**DESCRIPTION:** Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. When the XSRF-TOKEN cookie is available and the withCredentials setting is turned on, Axios inserts an X-XSRF-TOKEN header carrying the secret XSRF-TOKEN cookie value into all requests to any server. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
| Affected Product(s) | Version(s) |
|---|---|
| OPENBMC | FW1020.00 - FW1020.50 |
| OPENBMC | FW1030.00 - FW1030.40 |
| OPENBMC | FW1050.00 - FW1050.10 |
Customers with the products below should install FW1020.60(1020_118), FW1030.50(1030_082), FW1050.11(1050_070) or newer to remediate this vulnerability.
Power 10
Do not access the BMC and other websites using the same web browser.
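The header-injection logic the description refers to, as an added illustration that is neither axios's nor IBM's code: the pre-fix decision ORs withCredentials with a same-origin check, so any credentialed cross-origin request carries the cookie value, while the fixed decision attaches the header only for same-origin requests unless the caller opts in per request with withXSRFToken. The BMC origin, the cookie jar and the URLs are constructed values.

```javascript
// Added example, not axios's or IBM's code: a model of how the X-XSRF-TOKEN
// header decision differs before and after the fix for CVE-2023-45857.
// PAGE_ORIGIN, the cookie jar and the URLs below are constructed test values.
const PAGE_ORIGIN = "https://bmc.example";                    // where the BMC web UI is loaded from
const cookies = { "XSRF-TOKEN": "constructed-secret-token" }; // stands in for document.cookie

function readCookie(name) {
  return cookies[name];
}

// True when the request targets the same scheme/host/port as the page itself.
function isSameOrigin(url) {
  return new URL(url, PAGE_ORIGIN).origin === PAGE_ORIGIN;
}

// Vulnerable decision: withCredentials short-circuits the same-origin check,
// so a credentialed request to ANY host carries the secret cookie value.
function xsrfHeaderBefore(url, config) {
  const send = Boolean(config.withCredentials) || isSameOrigin(url);
  const token = send ? readCookie("XSRF-TOKEN") : undefined;
  return token ? { "X-XSRF-TOKEN": token } : {};
}

// Hardened decision: the header is attached only for same-origin requests,
// unless the caller explicitly opts in per request with withXSRFToken: true.
function xsrfHeaderAfter(url, config) {
  const opt = config.withXSRFToken;
  const send = opt === true || (opt !== false && isSameOrigin(url));
  const token = send ? readCookie("XSRF-TOKEN") : undefined;
  return token ? { "X-XSRF-TOKEN": token } : {};
}

// Detection helper: does this decision leak the token to a foreign origin?
function tokenLeaks(decide, url, config) {
  return !isSameOrigin(url) && "X-XSRF-TOKEN" in decide(url, config);
}

// Stand-alone demonstration against a constructed third-party host.
const thirdParty = "https://third-party.example/collect";
console.log("before fix leaks:", tokenLeaks(xsrfHeaderBefore, thirdParty, { withCredentials: true })); // true
console.log("after fix leaks: ", tokenLeaks(xsrfHeaderAfter, thirdParty, { withCredentials: true }));  // false
```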