mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
243 lines
9.0 KiB
JSON
243 lines
9.0 KiB
JSON
{
|
|
"id": "CVE-2020-8340",
|
|
"sourceIdentifier": "psirt@lenovo.com",
|
|
"published": "2020-09-15T15:15:14.230",
|
|
"lastModified": "2024-11-21T05:38:44.560",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user\u2019s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site scripting (XSS) en la interfaz web legacy de IBM y Lenovo System x IMM2 (M\u00f3dulo Integrated Management 2) versiones anteriores a 5.60, una interfaz web Baseboard Management Controller (BMC) integrada durante una revisi\u00f3n de seguridad interna. Esta vulnerabilidad podr\u00eda permitir al c\u00f3digo JavaScript ser ejecutado en el navegador web del usuario, si el usuario est\u00e1 convencido de visitar una URL dise\u00f1ada, posiblemente por medio de phishing. Una explotaci\u00f3n con \u00e9xito requiere que sean incluidos conocimientos espec\u00edficos sobre la red del usuario en la URL dise\u00f1ada. El impacto es limitado a las restricciones y permisos de acceso normales del usuario que hace clic en la URL dise\u00f1ada, y est\u00e1 sujeto a que el usuario pueda conectarse y ya est\u00e9 autenticado en IMM2 u otros sistemas. El c\u00f3digo JavaScript no es ejecutado en el propio IMM2"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@lenovo.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
|
|
"baseScore": 6.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.4
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 4.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@lenovo.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.60",
|
|
"matchCriteriaId": "271BEC0B-274D-4D0A-A2BD-EFC5C0499DB1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_nx360_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51CC6CD5-FCAC-4D2C-B317-59F7D104F1BD"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x240:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9BBA2148-9A2A-4216-8A68-1289386DA71D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3250_m6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "787E3EF4-0ACB-4E3E-8932-471E94F4E288"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3500_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B314A309-C2E4-4D2C-AC1C-F3F068A9C588"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3550_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F7195ED2-0D10-4FBA-BADD-6859587F1249"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3650_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA18952C-2981-4CE7-8611-94DD251EC1E8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3750_m4:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A1987191-FC33-4C76-991D-A25258550041"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3850_x6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C32626B5-9921-4A4B-B998-DBC416C13377"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x3950_x6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A79063A0-4342-4FE3-8C30-B8304D5F8D43"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x440:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3D5B7974-7069-4C39-8851-8E053D9B3920"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x880_x6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "86714374-B1B1-49E0-A156-C95DC06701EC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lenovo:integrated_management_module_2:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.61",
|
|
"matchCriteriaId": "62C2E31E-C4C4-41C4-87A2-AC6BC5AABA7F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717",
|
|
"source": "psirt@lenovo.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.lenovo.com/us/en/product_security/LEN-44717",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |