Vulnerability Details CVE-2018-16096
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-16096
-
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-
-
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-
-
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-
-
cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-
-
cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-
-
cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-
-
cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-
-
cpe:2.3:o:lenovo:system_management_module_firmware:1.05