Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFCB93416F9C27ADE6ED288F9F6ECFA62BD7B2C4BA1DE430D0D1E4A24CE7EAF66
HistoryJun 15, 2018 - 10:43 p.m.

Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)

2018-06-1522:43:23
www.ibm.com
4

0.001 Low

EPSS

Percentile

25.7%

JSON

Summary

Vulnerability in Web Browser XSS Protection

Vulnerability Details

CVEID: CVE-2016-0390**
DESCRIPTION:** IBM Algo One - Algo Risk Application is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112533&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

ARA Versions 4.9.1 through 5.1.0

Remediation/Fixes

Patch Number

| Download URL
—|—
Algo One ARA 510-022| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-Algo-OneARA-if0001:0&includeSupersedes=0&source=fc&login=true
Algo One ARA 500-267| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-Algo-OneARA-if0009:0&includeSupersedes=0&source=fc&login=true
Algo One ARA 491-039| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-Algo-OneARA-if-0019:0&includeSupersedes=0&source=fc&login=true
Algo One ARA 491-038| _http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-Algo-OneARA-if0014:0&includeSupersedes=0&source=fc&login=true _

Workarounds and Mitigations

None

Related

nvd 1
ibm 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2016-0390
2016-05-15 01:59:02
ibm
ibm
Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)
2018-06-15 22:43:23
prion
prion
Cross site scripting
2016-05-15 01:59:00
cvelist
cvelist
CVE-2016-0390
2016-05-15 01:00:00
cve
cve
CVE-2016-0390
2016-05-15 01:59:02

0.001 Low

EPSS

Percentile

25.7%

JSON
Related for FCB93416F9C27ADE6ED288F9F6ECFA62BD7B2C4BA1DE430D0D1E4A24CE7EAF66
nvd1ibm1prion1cvelist1cve1