CVE-2016-9000

2017-02-0122:00:00

ibm

www.cve.org

0.001 Low

EPSS

Percentile

48.3%

JSON

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.

CNA Affected

[
  {
    "product": "InfoSphere Information Server",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "8.1"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.5.0.1"
      },
      {
        "status": "affected",
        "version": "8.7"
      },
      {
        "status": "affected",
        "version": "9.1"
      },
      {
        "status": "affected",
        "version": "8.0.1"
      },
      {
        "status": "affected",
        "version": "10.0"
      },
      {
        "status": "affected",
        "version": "11.3"
      },
      {
        "status": "affected",
        "version": "10"
      },
      {
        "status": "affected",
        "version": "11.3.0.0"
      },
      {
        "status": "affected",
        "version": "11.3.1.0"
      },
      {
        "status": "affected",
        "version": "11.5"
      }
    ]
  }
]