Jun 16, 2018 - 8:08 p.m.

Security Bulletin: IBM Call Center for Commerce is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-6056)

2018-06-16 20:08:50
www.ibm.com

EPSS: 0.001 (Percentile: 18.9%)

Summary

IBM Call Center for Commerce is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts.

Vulnerability Details

CVEID: CVE-2016-6056
DESCRIPTION: IBM Call Center for Commerce is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117229 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Call Center for Commerce 9.3
IBM Call Center for Commerce 9.4

Remediation/Fixes

The recommended solution is to apply the Foundation fix pack followed by the CCC fix pack as soon as practical. Please see below for information about the available fixes.

| Product | Foundation Fix pack | IBM Call Center for Commerce Fix pack | How to acquire fix |
|---|---|---|---|
| IBM Call Center for Commerce 9.3 | 930-FP32 | CCC930-FP17 | http://www-933.ibm.com/support/fixcentral/options (Select appropriate VRMF) |
| IBM Call Center for Commerce 9.4 | 940-FP19 | CCC940-FP14 | http://www-933.ibm.com/support/fixcentral/options (Select appropriate VRMF) |

Workarounds and Mitigations

None
