Cross-site Scripting Vulnerability in IBM Spectrum Control Web UI
CVE-2016-5944

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
26 September 2016

Summary

A cross-site scripting vulnerability exists in the Web UI of IBM Spectrum Control (formerly known as Tivoli Storage Productivity Center) versions 5.2.x prior to 5.2.11. This security flaw allows remote authenticated users to inject arbitrary web scripts or HTML into the application via an embedded string. This could lead to unauthorized actions and potentially compromise the security of the affected system.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.