CVE-2015-8531

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager For Web 8.0 Firmware; Security Access Manager 9.0 Firmware
Vendor: CVE Published:; 15 February 2016

Summary

Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV80692

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21974651

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 15, 2016
Vulnerability Reserved
Dec 8, 2015