| Vulnerability Name: | CVE-2016-2954 (CCN-113733) | ||||||||||||
| Assigned: | 2016-08-17 | ||||||||||||
| Published: | 2016-08-17 | ||||||||||||
| Updated: | 2016-11-28 | ||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008. | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-2954 Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21988990 Source: CCN Type: IBM Security Bulletin 1988990 (Connections) IBM Connections Security Refresh for CVE-2016-2954, CVE-2016-2956,CVE-2016-3008 Source: BID Type: UNKNOWN 92543 Source: CCN Type: BID-92543 IBM Connections CVE-2016-2954 Unspecified Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN ibm-connections-cve20162954-xss(113733) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||