Lucene search

IbmCVE-2016-5978

HistorySep 26, 2016 - 4:59 a.m.

CVE-2016-5978

2016-09-2604:59:34

CWE-79

ibm

web.nvd.nist.gov

cve

2016

5978

xss

vulnerability

ibm

tealeaf

customer experience

web portal

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.

Affected configurations

Nvd

Node

ibmtealeaf_customer_experienceMatch8.7

ibmtealeaf_customer_experienceMatch8.8

ibmtealeaf_customer_experienceMatch9.0.0

ibmtealeaf_customer_experienceMatch9.0.0a

ibmtealeaf_customer_experienceMatch9.0.1

ibmtealeaf_customer_experienceMatch9.0.1a

ibmtealeaf_customer_experienceMatch9.0.2

ibmtealeaf_customer_experienceMatch9.0.2a

VendorProductVersionCPE
ibmtealeaf_customer_experience8.7cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:*:*:*:*:*:*:*
ibmtealeaf_customer_experience8.8cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*
ibmtealeaf_customer_experience9.0.0cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0:*:*:*:*:*:*:*
ibmtealeaf_customer_experience9.0.0acpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0a:*:*:*:*:*:*:*
ibmtealeaf_customer_experience9.0.1cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1:*:*:*:*:*:*:*
ibmtealeaf_customer_experience9.0.1acpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1a:*:*:*:*:*:*:*
ibmtealeaf_customer_experience9.0.2cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*
ibmtealeaf_customer_experience9.0.2acpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tealeaf_customer_experience	8.7	cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:::::::*
ibm	tealeaf_customer_experience	8.8	cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:::::::*
ibm	tealeaf_customer_experience	9.0.0	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0:::::::*
ibm	tealeaf_customer_experience	9.0.0a	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0a:::::::*
ibm	tealeaf_customer_experience	9.0.1	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1:::::::*
ibm	tealeaf_customer_experience	9.0.1a	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1a:::::::*
ibm	tealeaf_customer_experience	9.0.2	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:::::::*
ibm	tealeaf_customer_experience	9.0.2a	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2a:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21990216

www.securityfocus.com/bid/93140

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON

Related for CVE-2016-5978