Cross-site Scripting Vulnerability in IBM Spectrum Control Web UI
CVE-2016-5944
5.4MEDIUM
Summary
A cross-site scripting vulnerability exists in the Web UI of IBM Spectrum Control (formerly known as Tivoli Storage Productivity Center) versions 5.2.x prior to 5.2.11. This security flaw allows remote authenticated users to inject arbitrary web scripts or HTML into the application via an embedded string. This could lead to unauthorized actions and potentially compromise the security of the affected system.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved