Lucene search

[email protected]CVE-2016-0313

HistoryJul 08, 2016 - 1:59 a.m.

CVE-2016-0313

2016-07-0801:59:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2016-0313

cross-site scripting

xss

ibm jazz reporting service

report builder

data collection component

dcc

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350.

Affected configurations

NVD

Node

ibmjazz_reporting_serviceMatch5.0

ibmjazz_reporting_serviceMatch5.0.1

ibmjazz_reporting_serviceMatch5.0.2

ibmjazz_reporting_serviceMatch6.0

ibmjazz_reporting_serviceMatch6.0.1

CPENameOperatorVersion
ibm:jazz_reporting_serviceibm jazz reporting serviceeq5.0
ibm:jazz_reporting_serviceibm jazz reporting serviceeq5.0.1
ibm:jazz_reporting_serviceibm jazz reporting serviceeq5.0.2
ibm:jazz_reporting_serviceibm jazz reporting serviceeq6.0
ibm:jazz_reporting_serviceibm jazz reporting serviceeq6.0.1

CPE	Name	Operator	Version
ibm:jazz_reporting_service	ibm jazz reporting service	eq	5.0
ibm:jazz_reporting_service	ibm jazz reporting service	eq	5.0.1
ibm:jazz_reporting_service	ibm jazz reporting service	eq	5.0.2
ibm:jazz_reporting_service	ibm jazz reporting service	eq	6.0
ibm:jazz_reporting_service	ibm jazz reporting service	eq	6.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg21983147

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2016-0313

cve2 cvelist3 nvd3 prion3 ibm3