Cross-site Scripting Vulnerability in IBM Spectrum Control Web UI
CVE-2016-5944

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Spectrum Control
Vendor
CVE Published:
26 September 2016

What is CVE-2016-5944?

A cross-site scripting vulnerability exists in the Web UI of IBM Spectrum Control (formerly known as Tivoli Storage Productivity Center) versions 5.2.x prior to 5.2.11. This security flaw allows remote authenticated users to inject arbitrary web scripts or HTML into the application via an embedded string. This could lead to unauthorized actions and potentially compromise the security of the affected system.

References

http://www.securityfocus.com/bid/93087
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21988625
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.