CVE-2016-8232
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
Vulnerabilidad de XSS basada en Document Object Model-(DOM) en Advanced Management Module (AMM) versiones anteriores a 66Z de Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 permite a un atacante no autenticado con acceso a la dirección IP de AMM mandar una URL manipulada que podría inyectar un scrip malicioso para acceder a los datos AMM de un usuario como cookies u otra información de la sesión.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-16 CVE Reserved
- 2017-03-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95839 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-5700 | 2017-03-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Advanced Management Module Firmware Search vendor "Ibm" for product "Advanced Management Module Firmware" | - | - |
Affected
| in | Ibm Search vendor "Ibm" | Advanced Management Module Search vendor "Ibm" for product "Advanced Management Module" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Firmware Search vendor "Ibm" for product "Advanced Management Module Firmware" | - | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs22 Search vendor "Ibm" for product "Bladecenter" and version "hs22" | - |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Firmware Search vendor "Ibm" for product "Advanced Management Module Firmware" | - | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs22v Search vendor "Ibm" for product "Bladecenter" and version "hs22v" | - |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Firmware Search vendor "Ibm" for product "Advanced Management Module Firmware" | - | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs23 Search vendor "Ibm" for product "Bladecenter" and version "hs23" | - |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Firmware Search vendor "Ibm" for product "Advanced Management Module Firmware" | - | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hs23e Search vendor "Ibm" for product "Bladecenter" and version "hs23e" | - |
Safe
|
| Ibm Search vendor "Ibm" | Advanced Management Module Firmware Search vendor "Ibm" for product "Advanced Management Module Firmware" | - | - |
Affected
| in | Ibm Search vendor "Ibm" | Bladecenter Search vendor "Ibm" for product "Bladecenter" | hx5 Search vendor "Ibm" for product "Bladecenter" and version "hx5" | - |
Safe
|