CVE-2024-45094 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-45094

Analyzed

More Info Official Page

Source-psirt@us.ibm.com

Published At-27 May, 2025 | 23:15

Updated At-09 Jun, 2025 | 18:51

IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CPE Matches

IBM Corporation

>>hardware_management_console_r10.0_firmware>>10.0.245.0

cpe:2.3:o:ibm:hardware_management_console_r10.0_firmware:10.0.245.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r10.0_firmware>>10.1.3.0

cpe:2.3:o:ibm:hardware_management_console_r10.0_firmware:10.1.3.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r10.0>>-

cpe:2.3:h:ibm:hardware_management_console_r10.0:-:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.4_firmware>>89.40.83.0

cpe:2.3:o:ibm:hardware_management_console_r9.4_firmware:89.40.83.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.4_firmware>>89.41.25.0

cpe:2.3:o:ibm:hardware_management_console_r9.4_firmware:89.41.25.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.4_firmware>>89.42.18.0

cpe:2.3:o:ibm:hardware_management_console_r9.4_firmware:89.42.18.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.4>>-

cpe:2.3:h:ibm:hardware_management_console_r9.4:-:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.3_firmware>>89.33.45.0

cpe:2.3:o:ibm:hardware_management_console_r9.3_firmware:89.33.45.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.3_firmware>>89.33.52.0

cpe:2.3:o:ibm:hardware_management_console_r9.3_firmware:89.33.52.0:*:*:*:*:*:*:*

IBM Corporation

>>hardware_management_console_r9.3>>-

cpe:2.3:h:ibm:hardware_management_console_r9.3:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	psirt@us.ibm.com

References

Hyperlink	Source	Resource
https://www.ibm.com/support/pages/node/7234276	psirt@us.ibm.com	Vendor Advisory