CVE-2016-3042

Sažetak

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

Reference

http://www.securityfocus.com/bid/92985
http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790
http://www-01.ibm.com/support/docview.wss?uid=swg21986716

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

28-11-2016 - 20:06

Objavljeno

01-10-2016 - 01:59