3 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. • https://support.lenovo.com/us/en/product_security/LEN-38385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-522: Insufficiently Protected Credentials •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. Vulnerabilidad de XSS basada en Document Object Model-(DOM) en Advanced Management Module (AMM) versiones anteriores a 66Z de Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 permite a un atacante no autenticado con acceso a la dirección IP de AMM mandar una URL manipulada que podría inyectar un scrip malicioso para acceder a los datos AMM de un usuario como cookies u otra información de la sesión. • http://www.securityfocus.com/bid/95839 https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 https://support.lenovo.com/us/en/product_security/LEN-5700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0

Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en el firmware de Advanced Management Module, en versiones anteriores a la 2.50G, para el IBM BladeCenter T 8720-2xx y 8730-2xx tienen un impacto y unos vectores de ataque desconocidos. • ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg http://www.securityfocus.com/bid/36970 http://www.vupen.com/english/advisories/2009/3188 •