Vulnerability Description
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | BladeCenter Advanced Management Module Firmware | < 3.68n |
| IBM | BladeCenter Advanced Management Module | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-38385 (Third Party Advisory)
FAQ
What is CVE-2020-8339?
CVE-2020-8339 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability cou...
How severe is CVE-2020-8339?
CVE-2020-8339 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-8339?
Check the references section above for vendor advisories and patch information. Affected products include: IBM BladeCenter Advanced Management Module Firmware, IBM BladeCenter Advanced Management Module.