Cross-Site Scripting Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2016-8943

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM Tivoli Storage Productivity Center is susceptible to a cross-site scripting flaw that enables attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can modify the intended operations of the application and may result in the disclosure of user credentials during a trusted session. Users of the product should take immediate precautions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Spectrum Control Standard Select Edition 5.1

Spectrum Control Standard Select Edition 5.1.1

Spectrum Control Standard Select Edition 5.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.