Lucene search

[email protected]CVE-2016-0265

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-0265

2017-02-0120:59:00

CWE-79

[email protected]

web.nvd.nist.gov

ibm

campaign

vulnerability

cve-2016-0265

xss

url

security

authentication

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Affected configurations

Vulners

NVD

Node

ibm_corporationcampaignMatch7.0

ibm_corporationcampaignMatch7.1

ibm_corporationcampaignMatch7.2

ibm_corporationcampaignMatch7.3

ibm_corporationcampaignMatch7.4

ibm_corporationcampaignMatch7.5

ibm_corporationcampaignMatch8.1

ibm_corporationcampaignMatch8.2

ibm_corporationcampaignMatch8.3

ibm_corporationcampaignMatch8.4

ibm_corporationcampaignMatch8.5

ibm_corporationcampaignMatch8.6

ibm_corporationcampaignMatch9.0

ibm_corporationcampaignMatch9.1

ibm_corporationcampaignMatch8.0

ibm_corporationcampaignMatch7.6

ibm_corporationcampaignMatch9.1.1

ibm_corporationcampaignMatch9.1.2

ibm_corporationcampaignMatch10.0

CPENameOperatorVersion
ibm:campaignibm campaigneq8.6
ibm:campaignibm campaigneq9.1
ibm:campaignibm campaigneq9.1.1
ibm:campaignibm campaigneq9.1.2

CPE	Name	Operator	Version
ibm:campaign	ibm campaign	eq	8.6
ibm:campaign	ibm campaign	eq	9.1
ibm:campaign	ibm campaign	eq	9.1.1
ibm:campaign	ibm campaign	eq	9.1.2

CNA Affected

[
  {
    "product": "Campaign",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.2"
      },
      {
        "status": "affected",
        "version": "7.3"
      },
      {
        "status": "affected",
        "version": "7.4"
      },
      {
        "status": "affected",
        "version": "7.5"
      },
      {
        "status": "affected",
        "version": "8.1"
      },
      {
        "status": "affected",
        "version": "8.2"
      },
      {
        "status": "affected",
        "version": "8.3"
      },
      {
        "status": "affected",
        "version": "8.4"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "8.6"
      },
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "9.1"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "7.6"
      },
      {
        "status": "affected",
        "version": "9.1.1"
      },
      {
        "status": "affected",
        "version": "9.1.2"
      },
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21986033

www.securityfocus.com/bid/95100

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for CVE-2016-0265

prion1 cvelist1 nvd1