Vulnerability Name:

CVE-2016-0243 (CCN-110444)

Assigned:2015-12-08
Published:2016-02-23
Updated:2017-09-03
Summary:Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
Appropriate Vendor Advisory Link: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21976358">HERE</a>
CVSS v3 Severity:6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2016-0243

Source: AIXAPAR
Type: UNKNOWN
PI54088

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21975358

Source: CCN
Type: IBM Security Bulletin 1976358 (WebSphere Portal)
Fixes available for Security Vulnerabilities in IBM WebSphere Portal

Source: CCN
Type: IBM Security Bulletin 1976919 (Cram Social Program Management)
Fixes available for Vulnerabilities in IBM ACF (Active Content Filtering) affects IBM Cram Social Program Management (CVE-2015-1917, CVE-2016-0243)

Source: CCN
Type: IBM Security Bulletin 1978935 (Rational DOORS Next Generation)
Vulnerability in Rational DOORS Next Generation and Rational Requirements Composer with potential for Cross Site Scripting attack (CVE-2016-0243)

Source: CCN
Type: IBM Security Bulletin 1986626 (Connections Docs)
IBM Active Content Filtering Vunerability impacts IBM Docs (CVE-2016-0243 )

Source: CCN
Type: IBM Security Bulletin 1991265 (Connections Mail)
Cross-Site Scripting Vulnerability (CVE-2016-0243) Affects IBM Connections Mail

Source: CCN
Type: IBM Security Bulletin 2006441 (Sametime)
Various Security Vulnerabilities in IBM Sametime Proxy Server

Source: CCN
Type: IBM Security Bulletin 2006444 (Sametime)
Security vulnerabilities in IBM Sametime Connect client (CVE-2016-0243, CVE-2016-2974)

Source: BID
Type: UNKNOWN
100572

Source: CCN
Type: BID-100572
IBM Sametime Proxy Server Multiple Security Vulnerabilities

Source: BID
Type: UNKNOWN
83488

Source: CCN
Type: BID-83488
IBM WebSphere Portal CVE-2016-0243 Unspecified Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
ibm-websphere-cve20160243-xss(110444)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:sametime:8.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm websphere portal 6.1.0.0
    ibm websphere portal 6.1.0.1
    ibm websphere portal 6.1.0.2
    ibm websphere portal 6.1.0.3
    ibm websphere portal 6.1.0.4
    ibm websphere portal 6.1.0.5
    ibm websphere portal 6.1.0.6
    ibm websphere portal 6.1.5.0
    ibm websphere portal 6.1.5.1
    ibm websphere portal 6.1.5.2
    ibm websphere portal 6.1.5.3
    ibm websphere portal 7.0.0.0
    ibm websphere portal 7.0.0.1
    ibm websphere portal 7.0.0.2
    ibm websphere portal 8.0.0.0
    ibm websphere portal 8.0.0.1
    ibm websphere portal 8.5.0.0
    ibm websphere portal 7.0
    ibm websphere portal 8.0
    ibm websphere portal 8.5
    ibm websphere portal 6.1
    ibm sametime 8.5.2
    ibm sametime 8.5.2.1
    ibm sametime 9.0.0.0
    ibm sametime 9.0.0.1
    ibm rational doors next generation 4.0.1
    ibm rational doors next generation 4.0.5
    ibm rational doors next generation 5.0.2
    ibm rational doors next generation 4.0.2
    ibm rational doors next generation 4.0.3
    ibm rational doors next generation 4.0.4
    ibm rational doors next generation 4.0.6
    ibm rational doors next generation 4.0.7
    ibm rational doors next generation 5.0
    ibm rational doors next generation 5.0.1
    ibm curam social program management 6.0.4
    ibm curam social program management 6.0.5
    ibm curam social program management 6.0
    ibm curam social program management 5.2
    ibm rational doors next generation 6.0
    ibm rational doors next generation 6.0.1
    ibm curam social program management 6.0.1
    ibm curam social program management 6.1.0.0
    ibm curam social program management 6.1.1.0
    ibm sametime 9.0.1