PT-2020-20106 · IBM · IBM BladeCenter Advanced Management Module

Published: 2020-09-15 · Updated: 2020-09-22 · CVE-2020-8339

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM BladeCenter Advanced Management Module (AMM) versions prior to 3.68n

Description

A cross-site scripting inclusion (XSSI) issue was found in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface. This could allow an authenticated user's AMM credentials to be disclosed if the user visits a malicious web site, possibly through phishing. The impact is limited to the normal access restrictions of the user visiting the malicious web site and requires the user to be logged into AMM and able to connect to both AMM and the malicious web site while the web browser is open. The issue is also dependent on the user's web browser not protecting against this class of attack. The JavaScript code is not executed on AMM itself.

Recommendations

For versions prior to 3.68n, update to version 3.68n or later to resolve the issue. As a temporary workaround, consider restricting access to the AMM web interface until the update is applied. Additionally, users should be cautious when clicking on links from unknown sources to minimize the risk of phishing attacks.

Fix

XSS

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-8339

Affected Products

IBM BladeCenter Advanced Management Module