Research Finds Nearly 800,000 Access Keys Exposed …



Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-8339
PUBLISHED: 2020-09-15

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user’s AMM credentials to be disclosed if the user is convinced to visit a…

CVE-2020-8340
PUBLISHED: 2020-09-15

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript cod…

CVE-2020-8342
PUBLISHED: 2020-09-15

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

CVE-2020-8346
PUBLISHED: 2020-09-15

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.

CVE-2020-16101
PUBLISHED: 2020-09-15

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.





Source link