DOM-Based Cross-Site Scripting Vulnerability in the Advanced Management Module (AMM) - us

Lenovo Security Advisory: LEN-5700

Potential Impact: DOM based XSS

Severity: Medium

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2016-8232

Summary Description:

A Document Object Model-(DOM) based cross-site scripting vulnerability has been identified in the Advanced Management Module (AMM) of some IBM BladeCenter blade servers. This could allow an unauthenticated attacker with access to the AMM’s IP address to send a maliciously crafted URL to a user. This URL could inject a malicious script to access a user’s AMM data such as cookies or other session information.

The Advanced Management Module is a hot-swap BladeCenter module that is used to configure and manage installed BladeCenter components.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your AMM’s firmware to version 66Z or later by going to IBM’s Fix Central.