CVE-2019-6159

EPSS 0.45%
Veröffentlicht 19.08.2019 15:15:11
Zuletzt bearbeitet 21.11.2024 04:46:03
Quelle psirt@lenovo.com
Teams Watchlist Login
Unerledigt Login

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Bladecenter Hs22 Firmware Version-

Lenovo ≫ Bladecenter Hs22 Version-

Lenovo ≫ Bladecenter Hs22v Firmware Version-

Lenovo ≫ Bladecenter Hs22v Version-

Lenovo ≫ Bladecenter Hx5 Firmware Version-

Lenovo ≫ Bladecenter Hx5 Version-

Lenovo ≫ System X Idataplex Dx360 M2 Firmware Version-

Lenovo ≫ System X Idataplex Dx360 M2 Version-

Lenovo ≫ System X Idataplex Dx360 M3 Firmware Version-

Lenovo ≫ System X Idataplex Dx360 M3 Version-

Lenovo ≫ System X3400 M3 Firmware Version-

Lenovo ≫ System X3400 M3 Version-

Lenovo ≫ System X3500 M2 Firmware Version-

Lenovo ≫ System X3500 M2 Version-

Lenovo ≫ System X3500 M3 Firmware Version-

Lenovo ≫ System X3500 M3 Version-

Lenovo ≫ System X3550 M3 Firmware Version-

Lenovo ≫ System X3550 M3 Version-

Lenovo ≫ System X3560 M2 Firmware Version-

Lenovo ≫ System X3560 M2 Version-

Lenovo ≫ System X3630 M3 Firmware Version-

Lenovo ≫ System X3630 M3 Version-

Lenovo ≫ System X3650 M3 Firmware Version-

Lenovo ≫ System X3650 M3 Version-

Lenovo ≫ System X3690 X5 Firmware Version-

Lenovo ≫ System X3690 X5 Version-

Lenovo ≫ System X3850 X5 Firmware Version-

Lenovo ≫ System X3850 X5 Version-

Lenovo ≫ System X3950 X5 Firmware Version-

Lenovo ≫ System X3950 X5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.607

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
psirt@lenovo.com	9.6	2.8	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://support.lenovo.com/solutions/LEN-24785

Vendor Advisory

Mitigation

https://exchange.xforce.ibmcloud.com/vulnerabilities/165069

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-6159

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6159

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6159

EUVD