Vulnerabilites related to ibm - advanced_management_module_firmware
Vulnerability from fkie_nvd
Published
2013-12-01 04:31
Modified
2024-11-21 01:59
Severity ?
Summary
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bbet64b:*:*:*:*:*:*",
"matchCriteriaId": "6B9ADAF5-AF4E-4D93-A789-6B033C90022C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bbet64c:*:*:*:*:*:*",
"matchCriteriaId": "B894BA62-335F-4269-8C82-74762282B02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bbet64g:*:*:*:*:*:*",
"matchCriteriaId": "4B394200-3A01-4F0A-BE36-CAE7566FE50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bpeo64b:*:*:*:*:*:*",
"matchCriteriaId": "07E9F9DB-A8EF-48A1-9718-7A5E53529B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bpeo64c:*:*:*:*:*:*",
"matchCriteriaId": "6CE83495-4D09-4F01-A207-B9BDC9877E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bpeo64g:*:*:*:*:*:*",
"matchCriteriaId": "2A101BE4-64D3-4E16-84E5-38A59C9890AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bpet64b:*:*:*:*:*:*",
"matchCriteriaId": "319BC24F-C66C-4E34-B020-37AC7E39C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bpet64c:*:*:*:*:*:*",
"matchCriteriaId": "97CA149A-68FC-4723-810A-97236AFD6B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:3.64:bpet64g:*:*:*:*:*:*",
"matchCriteriaId": "41535039-EDE0-4957-8762-50B46C36884B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface."
},
{
"lang": "es",
"value": "Advanced Management Module (AMM) con firmware 3.64B, 3.64C, y 3.64G para sistemas IBM BladeCenter permite a atacantes remotos descubrir nombres de cuentas y contrase\u00f1as a trav\u00e9s del uso de una interfaz no especificada."
}
],
"id": "CVE-2013-6718",
"lastModified": "2024-11-21T01:59:36.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-01T04:31:49.707",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://osvdb.org/100397"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/55921"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/64032"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89174"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-01 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | http://www.securityfocus.com/bid/95839 | Third Party Advisory, VDB Entry | |
| psirt@lenovo.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | Third Party Advisory | |
| psirt@lenovo.com | https://support.lenovo.com/us/en/product_security/LEN-5700 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95839 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/product_security/LEN-5700 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | advanced_management_module_firmware | - | |
| ibm | advanced_management_module | - | |
| ibm | bladecenter | hs22 | |
| ibm | bladecenter | hs22v | |
| ibm | bladecenter | hs23 | |
| ibm | bladecenter | hs23e | |
| ibm | bladecenter | hx5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734EBD6A-8615-4B4A-A1A9-EB603B1276E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357307A8-421E-4433-A985-505565B0830A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*",
"matchCriteriaId": "1052332C-2892-4E69-8180-305039D6AF20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*",
"matchCriteriaId": "1245D63B-4A91-4934-8DD8-49B4A10F33A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*",
"matchCriteriaId": "A633BBA0-4330-41DE-AAAE-D568D9E7442D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:*:*:*:*:*:*:*",
"matchCriteriaId": "8644F48F-5032-48CB-B921-0CCC8E233347",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*",
"matchCriteriaId": "929B68CB-91CD-40EB-87A0-BD66E25922E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM\u0027s IP address to send a crafted URL that could inject a malicious script to access a user\u0027s AMM data such as cookies or other session information."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS basada en Document Object Model-(DOM) en Advanced Management Module (AMM) versiones anteriores a 66Z de Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 permite a un atacante no autenticado con acceso a la direcci\u00f3n IP de AMM mandar una URL manipulada que podr\u00eda inyectar un scrip malicioso para acceder a los datos AMM de un usuario como cookies u otra informaci\u00f3n de la sesi\u00f3n."
}
],
"id": "CVE-2016-8232",
"lastModified": "2024-11-21T02:59:02.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-01T21:59:00.243",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95839"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-07 11:01
Modified
2024-11-21 02:02
Severity ?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE77E6-DC53-4710-9584-FD2CEACB46BE",
"versionEndIncluding": "1.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA49FD93-328A-4E60-8BD1-817936DE2E82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E920A51B-0382-4474-870C-C6AD285FA6DF",
"versionEndIncluding": "3.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "357307A8-421E-4433-A985-505565B0830A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:integrated_management_module_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D348D34E-1379-4CBA-A21C-3E13DA279A5F",
"versionEndIncluding": "3.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:integrated_management_module_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE67F95-2ECE-4BF5-8E4B-2D6390160FCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
},
{
"lang": "es",
"value": "El firmware anterior a 3.66E en IBM BladeCenter Advanced Management Module (AMM), el firmware anterior a 1.43 en IBM Integrated Management Module (IMM), y el firmware anterior a 4.15 en IBM Integrated Management Module II (IMM2) contiene los credenciales IPMI en texto claro, lo que permite a atacantes remotos ejecutar comandos IPMI arbitrarios, y como consecuencia establecer una sesi\u00f3n de control remoto blade, mediante el aprovechamiento del acceso a (1) el chassis internal network o (2) la interfaz \u0027Ethernet-over-USB\u0027."
}
],
"id": "CVE-2014-0860",
"lastModified": "2024-11-21T02:02:55.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-07T11:01:28.680",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-12 17:54
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB95BF0-DE99-426C-BAAC-F11D26F1E604",
"versionEndIncluding": "2.50c",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CAC775-3003-46B5-8F71-E6714B407B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8C118D-55F0-4B9F-BE7D-BCF5785B91B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "39692441-13DC-4FA9-BC0E-956B2CFABA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.20f:*:*:*:*:*:*:*",
"matchCriteriaId": "92560A6E-7DB6-4386-82E4-3065F7CCA3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9E89E2-6A0E-45CF-82DC-E142545B7706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.25e:*:*:*:*:*:*:*",
"matchCriteriaId": "53A33EAB-75DF-4724-B63D-8F7206CA0474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.25i:*:*:*:*:*:*:*",
"matchCriteriaId": "B912239E-ABA7-4D96-80D2-D93C718404D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26b:*:*:*:*:*:*:*",
"matchCriteriaId": "5A16A762-F911-4D58-8D93-921FEF1674DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26e:*:*:*:*:*:*:*",
"matchCriteriaId": "D03C0AAF-9D47-4524-87B7-186CCAC33707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26h:*:*:*:*:*:*:*",
"matchCriteriaId": "BA61D831-ABCC-4622-80D9-53637AAA458F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26i:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F0B05F-EE07-4261-8E09-A11081E1D9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.26k:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B83853-5EDB-4AD7-BAAF-252C71B7BD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.28g:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F5569-B25E-43DA-970D-AA9D9CC2979F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.32d:*:*:*:*:*:*:*",
"matchCriteriaId": "16D3776F-5B97-477F-B397-9161A64771B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.34b:*:*:*:*:*:*:*",
"matchCriteriaId": "1356422D-E695-49F2-BFA4-275A9EC857CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.34e:*:*:*:*:*:*:*",
"matchCriteriaId": "0F956A08-A3D4-42C6-BDDC-F6A417FD5FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36d:*:*:*:*:*:*:*",
"matchCriteriaId": "E33E5CBA-B044-41D0-AAA8-0E3402D35D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36g:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB8B620-EF87-4818-9D43-5311AF55D2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36h:*:*:*:*:*:*:*",
"matchCriteriaId": "294822FC-3118-4D17-B178-F8A023D31F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.36k:*:*:*:*:*:*:*",
"matchCriteriaId": "3326A7E5-2852-40D0-B9EA-34C63EE113FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42d:*:*:*:*:*:*:*",
"matchCriteriaId": "22928A60-F0B6-4FCC-A0C2-C60E81FAADD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42f:*:*:*:*:*:*:*",
"matchCriteriaId": "8245059E-DEFD-4421-B166-851A97A5E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42i:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC04209-8AA5-4353-AC42-7ACBFBCDAC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42n:*:*:*:*:*:*:*",
"matchCriteriaId": "280DA292-AA2E-41B6-8B48-3436DE3B47D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42o:*:*:*:*:*:*:*",
"matchCriteriaId": "49235342-7700-4AEA-B41A-4E2F35456245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:1.42t:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6FF2D0-8014-4E3F-840C-721B38357F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.46c:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BAAFFB-8223-448E-BA4F-A27B9E867936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.46j:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8695FC-2C14-41DB-954F-C0CD99C69F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48c:*:*:*:*:*:*:*",
"matchCriteriaId": "A10F5132-9F28-4ACA-A712-AFE6EF37BA15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48d:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A70C2C-3691-457D-9663-29DC41E15059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48g:*:*:*:*:*:*:*",
"matchCriteriaId": "1E934753-B5DB-4FD2-8145-F3C48B4D8E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48l:*:*:*:*:*:*:*",
"matchCriteriaId": "D14E87B9-E5CE-4D32-85B3-F525D78AC9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:advanced_management_module_firmware:2.48n:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E2B205-B61A-473C-9E41-5E65B9B99E66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*",
"matchCriteriaId": "A7C6F823-C727-45DA-A623-3F95C92CFE76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*",
"matchCriteriaId": "9B853206-C826-4215-9A56-8CAF9D018603",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el firmware de Advanced Management Module, en versiones anteriores a la 2.50G, para el IBM BladeCenter T 8720-2xx y 8730-2xx tienen un impacto y unos vectores de ataque desconocidos."
}
],
"id": "CVE-2009-3935",
"lastModified": "2024-11-21T01:08:33.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-12T17:54:58.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-6718
Vulnerability from cvelistv5
Published
2013-12-01 02:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/55921 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89174 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/100397 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/64032 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718"
},
{
"name": "55921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55921"
},
{
"name": "bladecenter-amm-cve20136718-expose-cred(89174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89174"
},
{
"name": "100397",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100397"
},
{
"name": "64032",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718"
},
{
"name": "55921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55921"
},
{
"name": "bladecenter-amm-cve20136718-expose-cred(89174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89174"
},
{
"name": "100397",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100397"
},
{
"name": "64032",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_account_information_exposure_cve_2013_6718"
},
{
"name": "55921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55921"
},
{
"name": "bladecenter-amm-cve20136718-expose-cred(89174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89174"
},
{
"name": "100397",
"refsource": "OSVDB",
"url": "http://osvdb.org/100397"
},
{
"name": "64032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6718",
"datePublished": "2013-12-01T02:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3935
Vulnerability from cvelistv5
Published
2009-11-12 16:00
Modified
2024-09-16 19:55
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36970 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/3188 | vdb-entry, x_refsource_VUPEN | |
| ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"name": "ADV-2009-3188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36970"
},
{
"name": "ADV-2009-3188",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36970"
},
{
"name": "ADV-2009-3188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3188"
},
{
"name": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg",
"refsource": "CONFIRM",
"url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3935",
"datePublished": "2009-11-12T16:00:00Z",
"dateReserved": "2009-11-12T00:00:00Z",
"dateUpdated": "2024-09-16T19:55:50.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0860
Vulnerability from cvelistv5
Published
2014-07-07 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90880 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-bladecenter-cve20140860-info-disc(90880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90880"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0860",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8232
Vulnerability from cvelistv5
Published
2017-03-01 21:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-5700 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/121443 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/95839 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z |
Version: Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM\u0027s IP address to send a crafted URL that could inject a malicious script to access a user\u0027s AMM data such as cookies or other session information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOM-Based XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T20:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z",
"version": {
"version_data": [
{
"version_value": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM\u0027s IP address to send a crafted URL that could inject a malicious script to access a user\u0027s AMM data such as cookies or other session information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOM-Based XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-5700",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-5700"
},
{
"name": "lenovo-cve20168232-xss(121443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443"
},
{
"name": "95839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8232",
"datePublished": "2017-03-01T21:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}