Lucene search

[email protected]NVD:CVE-2016-8232

HistoryMar 01, 2017 - 9:59 p.m.

CVE-2016-8232

2017-03-0121:59:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM’s IP address to send a crafted URL that could inject a malicious script to access a user’s AMM data such as cookies or other session information.

Affected configurations

NVD

Node

ibmadvanced_management_module_firmwareMatch-

AND

ibmadvanced_management_moduleMatch-

ibmbladecenterMatchhs22

ibmbladecenterMatchhs22v

ibmbladecenterMatchhs23

ibmbladecenterMatchhs23e

ibmbladecenterMatchhx5

References

www.securityfocus.com/bid/95839

exchange.xforce.ibmcloud.com/vulnerabilities/121443

support.lenovo.com/us/en/product_security/LEN-5700

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for NVD:CVE-2016-8232

prion1 cvelist1 ibm1 lenovo2 cve1