History: Jun 15, 2018 - 10:43 p.m.

Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)

2018-06-15 22:43:23
www.ibm.com

EPSS: 0.001 Low
Percentile: 25.7%

Summary

Web browser XSS protection is not enabled, or is disabled by the configuration of the ‘X-XSS-Protection’ HTTP response header. This affects Algo Risk Application.
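
An added example (not from the IBM bulletin): a Python check that classifies the ‘X-XSS-Protection’ header of a captured HTTP response, flagging the two conditions the summary names (header absent, or set to disable the filter). The function names and sample responses are constructed for illustration.

```python
# Added example: classify X-XSS-Protection in a captured HTTP response head.
# Function names and sample responses are constructed for illustration.

def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def classify_xss_protection(raw):
    """Return missing, duplicate, invalid, disabled, enabled or enabled-block."""
    values = parse_headers(raw).get("x-xss-protection", [])
    if not values:
        return "missing"            # "not enabled" in the bulletin's terms
    if len(values) > 1:
        return "duplicate"          # more than one header line: review by hand
    parts = [p.strip().lower() for p in values[0].split(";") if p.strip()]
    if not parts or parts[0] not in ("0", "1"):
        return "invalid"
    if parts[0] == "0":
        return "disabled"           # "disabled by the configuration"
    return "enabled-block" if "mode=block" in parts[1:] else "enabled"

def is_finding(raw):
    """True when the header is absent, set to 0, or cannot be relied on."""
    state = classify_xss_protection(raw)
    return state in ("missing", "disabled", "invalid", "duplicate")

# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "absent": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "off": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "on": "HTTP/1.1 200 OK\r\nx-xss-protection: 1; mode=block\r\n\r\n",
    "body_only": "HTTP/1.1 200 OK\r\nServer: demo\r\n\r\nX-XSS-Protection: 1",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_xss_protection(raw), is_finding(raw))
```

Header-like text in the response body is ignored, so the "body_only" sample is reported as missing.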

Vulnerability Details

CVEID: CVE-2016-0390
DESCRIPTION: IBM Algo One - Algo Risk Application is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112533> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

ARA Versions 4.9.1 through 5.1.0

Remediation/Fixes

Fix | Fix Central download link
—|—
Algo One ARA 510-022 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-Algo-OneARA-if0001:0&includeSupersedes=0&source=fc&login=true
Algo One ARA 500-267 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-Algo-OneARA-if0009:0&includeSupersedes=0&source=fc&login=true
Algo One ARA 491-039 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-Algo-OneARA-if-0019:0&includeSupersedes=0&source=fc&login=true
Algo One ARA 491-038 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-Algo-OneARA-if0014:0&includeSupersedes=0&source=fc&login=true

Workarounds and Mitigations

None
