What is the severity of CVE-2016-8232?

CVE-2016-8232 is rated as a medium severity vulnerability due to its potential impact on the confidentiality of sensitive information.

How do I fix CVE-2016-8232?

To mitigate CVE-2016-8232, update the Advanced Management Module (AMM) to version 66Z or later.

Who is affected by CVE-2016-8232?

CVE-2016-8232 affects users of Lenovo IBM BladeCenter models HS22, HS22V, HS23, HS23E, and HX5 with AMM versions earlier than 66Z.

What kind of attack does CVE-2016-8232 enable?

CVE-2016-8232 allows an unauthenticated attacker to perform cross-site scripting attacks through crafted URLs.

Is CVE-2016-8232 a remote or local attack?

CVE-2016-8232 is considered a remote attack as it can be exploited from outside the network by accessing the AMM's IP address.

Vulnerability/
CVE-2016-8232

medium

6.1

CWE

1/3/2017

6/8/2024

CVE-2016-8232: XSS

First published: Wed Mar 01 2017(Updated: )

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Ibm Advanced Management Module Firmware
Ibm Advanced Management Module
IBM BladeCenter	=hs22
IBM BladeCenter	=hs22v
IBM BladeCenter	=hs23
IBM BladeCenter	=hs23e
IBM BladeCenter	=hx5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-8232?
CVE-2016-8232 is rated as a medium severity vulnerability due to its potential impact on the confidentiality of sensitive information.
How do I fix CVE-2016-8232?
To mitigate CVE-2016-8232, update the Advanced Management Module (AMM) to version 66Z or later.
Who is affected by CVE-2016-8232?
CVE-2016-8232 affects users of Lenovo IBM BladeCenter models HS22, HS22V, HS23, HS23E, and HX5 with AMM versions earlier than 66Z.
What kind of attack does CVE-2016-8232 enable?
CVE-2016-8232 allows an unauthenticated attacker to perform cross-site scripting attacks through crafted URLs.
Is CVE-2016-8232 a remote or local attack?
CVE-2016-8232 is considered a remote attack as it can be exploited from outside the network by accessing the AMM's IP address.

collector/nvd-index
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/ibm
canonical/ibm advanced management module firmware
canonical/ibm advanced management module
canonical/ibm bladecenter
version/ibm bladecenter/hs22
version/ibm bladecenter/hs22v
version/ibm bladecenter/hs23
version/ibm bladecenter/hs23e
version/ibm bladecenter/hx5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.