Lenovo Security Advisory: LEN-5700
Potential Impact: DOM-based XSS
Severity: Medium
**Scope of Impact:** Lenovo-specific
**CVE Identifier:** CVE-2016-8232
Summary Description:
A Document Object Model (DOM)-based cross-site scripting vulnerability has been identified in the Advanced Management Module (AMM) of some IBM BladeCenter blade servers. This could allow an unauthenticated attacker with access to the AMM's IP address to send a maliciously crafted URL to a user. This URL could inject a malicious script to access a user's AMM data such as cookies or other session information.
The Advanced Management Module is a hot-swap BladeCenter module that is used to configure and manage installed BladeCenter components.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your AMM's firmware to version 66Z or later by going to IBM's Fix Central.