Lucene search

[email protected]CVE-2019-6159

HistoryAug 19, 2019 - 3:15 p.m.

CVE-2019-6159

2019-08-1915:15:11

CWE-79

[email protected]

web.nvd.nist.gov

ibm

system x

imm

imm v1

firmware

xss

vulnerability

ibm system x imm

cross-site scripting

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user’s web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.

Affected configurations

NVD

Node

lenovobladecenter_hs22_firmwareMatch-

AND

lenovobladecenter_hs22Match-

Node

lenovobladecenter_hs22v_firmwareMatch-

AND

lenovobladecenter_hs22vMatch-

Node

lenovobladecenter_hx5_firmwareMatch-

AND

lenovobladecenter_hx5Match-

Node

lenovosystem_x_idataplex_dx360_m2_firmwareMatch-

AND

lenovosystem_x_idataplex_dx360_m2Match-

Node

lenovosystem_x_idataplex_dx360_m3_firmwareMatch-

AND

lenovosystem_x_idataplex_dx360_m3Match-

Node

lenovosystem_x3400_m3_firmwareMatch-

AND

lenovosystem_x3400_m3Match-

Node

lenovosystem_x3500_m2_firmwareMatch-

AND

lenovosystem_x3500_m2Match-

Node

lenovosystem_x3500_m3_firmwareMatch-

AND

lenovosystem_x3500_m3Match-

Node

lenovosystem_x3550_m3_firmwareMatch-

AND

lenovosystem_x3550_m3Match-

Node

lenovosystem_x3560_m2_firmwareMatch-

AND

lenovosystem_x3560_m2Match-

Node

lenovosystem_x3630_m3_firmwareMatch-

AND

lenovosystem_x3630_m3Match-

Node

lenovosystem_x3650_m3_firmwareMatch-

AND

lenovosystem_x3650_m3Match-

Node

lenovosystem_x3690_x5_firmwareMatch-

AND

lenovosystem_x3690_x5Match-

Node

lenovosystem_x3850_x5_firmwareMatch-

AND

lenovosystem_x3850_x5Match-

Node

lenovosystem_x3950_x5_firmwareMatch-

AND

lenovosystem_x3950_x5Match-

CPENameOperatorVersion
lenovo:bladecenter_hs22_firmwarelenovo bladecenter hs22 firmwareeq-

CPE	Name	Operator	Version
lenovo:bladecenter_hs22_firmware	lenovo bladecenter hs22 firmware	eq	-

CNA Affected

[
  {
    "product": "legacy System x IMM (IMM v1) firmware",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/165069

support.lenovo.com/solutions/LEN-24785

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

Related for CVE-2019-6159

prion1 nvd1 cvelist1 lenovo2