Cross-Site Scripting Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2016-8943

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Control Standard Select Edition
Vendor: CVE Published:; 1 February 2017

Summary

IBM Tivoli Storage Productivity Center is susceptible to a cross-site scripting flaw that enables attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can modify the intended operations of the application and may result in the disclosure of user credentials during a trusted session. Users of the product should take immediate precautions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Spectrum Control Standard Select Edition 5.1

Spectrum Control Standard Select Edition 5.1.1

Spectrum Control Standard Select Edition 5.2

References

http://www.securityfocus.com/bid/94917

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21995128

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Oct 25, 2016