CVE-2020-8339

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself.
Overview
  • CVE ID
  • CVE-2020-8339
  • Assigner
  • psirt@lenovo.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-09-15T15:15:14
  • Last Modified Date
  • 2020-09-22T17:10:44
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:ibm:bladecenter_advanced_management_module_firmware:*:*:*:*:*:*:*:* 1 OR 3.68n
cpe:2.3:h:ibm:bladecenter_advanced_management_module:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://support.lenovo.com/us/en/product_security/LEN-38385 Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 17:13:45 Added to TrackCVE
2022-12-04 22:40:03 2020-09-15T15:15Z 2020-09-15T15:15:14 CVE Published Date updated
2022-12-04 22:40:03 2020-09-22T17:10:44 CVE Modified Date updated
2022-12-04 22:40:03 Analyzed Vulnerability Status updated