ID

VAR-201908-0043


CVE

CVE-2019-6159


TITLE

Old IBM System x IMM Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-008655

DESCRIPTION

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log, which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on the IMM itself. The later IMM2 (IMM v2) is not affected. The following products and versions are affected: BladeCenter HS22; BladeCenter HS22V; BladeCenter HX5; System x iDataPlex dx360 M2; System x iDataPlex dx360 M3; System x3400 M3; System x3500 M2; System x3650 M3; System x3690 X5; System x3850 X5; System x3950 X5.

Trust: 1.71

sources: NVD: CVE-2019-6159 // JVNDB: JVNDB-2019-008655 // VULHUB: VHN-157594

AFFECTED PRODUCTS

vendor: lenovo, model: system x3550 m3, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3650 m3, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3560 m2, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3500 m2, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3950 x5, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x idataplex dx360 m3, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x idataplex dx360 m2, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3630 m3, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3400 m3, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: bladecenter hs22, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3500 m3, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3690 x5, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: bladecenter hx5, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: system x3850 x5, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: bladecenter hs22v, scope: eq, version: -

Trust: 1.0

vendor: lenovo, model: bladecenter hs22, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: bladecenter hs22v, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: bladecenter hx5, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x idataplex dx360 m2, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x idataplex dx360 m3, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3400 m3, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3500 m2, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3500 m3, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3550 m3, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3560 m2, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008655 // NVD: CVE-2019-6159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6159
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2019-6159
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6159
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-602
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157594
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6159
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157594
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6159
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2019-6159
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-6159
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157594 // JVNDB: JVNDB-2019-008655 // CNNVD: CNNVD-201908-602 // NVD: CVE-2019-6159 // NVD: CVE-2019-6159

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-157594 // JVNDB: JVNDB-2019-008655 // NVD: CVE-2019-6159

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-602

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-602

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008655

PATCH

title: LEN-24785, url: https://support.lenovo.com/solutions/LEN-24785

Trust: 0.8

sources: JVNDB: JVNDB-2019-008655

EXTERNAL IDS

db: NVD, id: CVE-2019-6159

Trust: 2.5

db: LENOVO, id: LEN-24785

Trust: 1.7

db: JVNDB, id: JVNDB-2019-008655

Trust: 0.8

db: CNNVD, id: CNNVD-201908-602

Trust: 0.7

db: VULHUB, id: VHN-157594

Trust: 0.1

sources: VULHUB: VHN-157594 // JVNDB: JVNDB-2019-008655 // CNNVD: CNNVD-201908-602 // NVD: CVE-2019-6159

REFERENCES

url:https://support.lenovo.com/solutions/len-24785

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/165069

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-6159

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6159

Trust: 0.8

url:https://support.lenovo.com/us/en/product_security/len-24785

Trust: 0.6

sources: VULHUB: VHN-157594 // JVNDB: JVNDB-2019-008655 // CNNVD: CNNVD-201908-602 // NVD: CVE-2019-6159

SOURCES

db: VULHUB, id: VHN-157594
db: JVNDB, id: JVNDB-2019-008655
db: CNNVD, id: CNNVD-201908-602
db: NVD, id: CVE-2019-6159

LAST UPDATE DATE

2024-11-23T22:33:48.531000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-157594, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-008655, date: 2019-09-04T00:00:00
db: CNNVD, id: CNNVD-201908-602, date: 2019-09-04T00:00:00
db: NVD, id: CVE-2019-6159, date: 2024-11-21T04:46:03.150

SOURCES RELEASE DATE

db: VULHUB, id: VHN-157594, date: 2019-08-19T00:00:00
db: JVNDB, id: JVNDB-2019-008655, date: 2019-09-04T00:00:00
db: CNNVD, id: CNNVD-201908-602, date: 2019-08-08T00:00:00
db: NVD, id: CVE-2019-6159, date: 2019-08-19T15:15:11.513