PT-2020-20107 · Ibm Lenovo · Imm2
Published
2020-09-15
·
Updated
2020-09-22
·
CVE-2020-8340
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
IBM and Lenovo System x IMM2 versions prior to 5.60
Description
A cross-site scripting (XSS) issue was found in the legacy IBM and Lenovo System x IMM2 embedded Baseboard Management Controller (BMC) web interface. This could allow JavaScript code to be executed in a user's web browser if they visit a crafted URL, possibly through phishing. The attack requires specific knowledge of the user's network and is limited to the user's normal access restrictions and permissions. The JavaScript code is executed in the user's browser, not on the IMM2 itself.
Recommendations
For versions prior to 5.60, update to version 5.60 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Imm2