Cross-Site Scripting Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2016-8943
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 1 February 2017
Summary
IBM Tivoli Storage Productivity Center is susceptible to a cross-site scripting flaw that enables attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can modify the intended operations of the application and may result in the disclosure of user credentials during a trusted session. Users of the product should take immediate precautions to mitigate potential risks associated with this vulnerability.
Affected Version(s)
Spectrum Control Standard Select Edition 5.1
Spectrum Control Standard Select Edition 5.1.1
Spectrum Control Standard Select Edition 5.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved