Cross-Site Scripting Vulnerability in IBM Sametime Media Services
CVE-2016-2973

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
29 August 2017

Summary

IBM Sametime Media Services versions 8.5.2 and 9.0 are affected by a cross-site scripting (XSS) vulnerability. This issue enables malicious users to inject arbitrary JavaScript code into the Web User Interface (UI). If exploited, this vulnerability can alter the intended functionality of the application and potentially allow for sensitive credential disclosure during a trusted session. It is crucial that users take necessary precautions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Sametime 8.5.2

Sametime 8.5.2.1

Sametime 9.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.