How severe is CVE-2020-8339?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2020-8339?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2020-8339 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself.

Related Vulnerabilities

CVE-2020-15157

MEDIUM

CVSS:6.1(Medium)

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schem...

CWE-5222020

CVE-2023-42955

MEDIUM

CVSS:6.1(Medium)

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue ha...

CWE-5222023

CVE-2024-29216

MEDIUM

CVSS:6.1(Medium)

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitr...

CWE-5222024

CVE-2019-10205

MEDIUM

CVSS:6.0(Medium)

A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write cont...

CWE-5222019

CVE-2019-4693

MEDIUM

CVSS:6.0(Medium)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

CWE-5222019

CVE-2019-4239

MEDIUM

CVSS:6.2(Medium)

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.

CWE-5222019