Lucene search

IbmCVE-2016-0246

HistoryOct 22, 2016 - 3:59 a.m.

CVE-2016-0246

2016-10-2203:59:06

CWE-79

ibm

web.nvd.nist.gov

cve-2016-0246

cross-site scripting

xss

ibm security guardium

vulnerability

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.5%

JSON

Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

Nvd

Node

ibmsecurity_guardiumMatch8.2

ibmsecurity_guardiumMatch9.0

ibmsecurity_guardiumMatch9.1

ibmsecurity_guardiumMatch9.5

ibmsecurity_guardiumMatch10.0

ibmsecurity_guardiumMatch10.1

ibmsecurity_guardiumMatch10.01

VendorProductVersionCPE
ibmsecurity_guardium8.2cpe:2.3:a:ibm:security_guardium:8.2:*:*:*:*:*:*:*
ibmsecurity_guardium9.0cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*
ibmsecurity_guardium9.1cpe:2.3:a:ibm:security_guardium:9.1:*:*:*:*:*:*:*
ibmsecurity_guardium9.5cpe:2.3:a:ibm:security_guardium:9.5:*:*:*:*:*:*:*
ibmsecurity_guardium10.0cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
ibmsecurity_guardium10.1cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*
ibmsecurity_guardium10.01cpe:2.3:a:ibm:security_guardium:10.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_guardium	8.2	cpe:2.3:a:ibm:security_guardium:8.2:::::::*
ibm	security_guardium	9.0	cpe:2.3:a:ibm:security_guardium:9.0:::::::*
ibm	security_guardium	9.1	cpe:2.3:a:ibm:security_guardium:9.1:::::::*
ibm	security_guardium	9.5	cpe:2.3:a:ibm:security_guardium:9.5:::::::*
ibm	security_guardium	10.0	cpe:2.3:a:ibm:security_guardium:10.0:::::::*
ibm	security_guardium	10.1	cpe:2.3:a:ibm:security_guardium:10.1:::::::*
ibm	security_guardium	10.01	cpe:2.3:a:ibm:security_guardium:10.01:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21990377

www.securityfocus.com/bid/93400

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.5%

JSON

Related for CVE-2016-0246