| Vulnerability Name: | CVE-2016-0390 |
| Assigned: | 2015-12-08 |
| Published: | 2016-05-14 |
| Updated: | 2016-05-16 |
| Summary: | Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
|
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None |
2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Low
Availibility (A): None |
|
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
|
| Vulnerability Type: | CWE-79
|
| References: | Source: MITRE
Type: CNA
CVE-2016-0390
Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21981321
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:ibm:algo_one:4.9.1:*:*:*:*:*:*:*OR cpe:/a:ibm:algo_one:5.0.0:*:*:*:*:*:*:*OR cpe:/a:ibm:algo_one:5.1.0:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |