IBM Call Center for Commerce is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts.
CVEID: CVE-2016-6056
DESCRIPTION: IBM Call Center for Commerce is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117229 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM Call Center for Commerce 9.3
IBM Call Center for Commerce 9.4
The recommended solution is to apply the Foundation fix pack followed by the CCC fix pack as soon as practical. Please see below for information about the available fixes.
Product | Foundation Fix pack | IBM Call Center for Commerce Fix pack | How to acquire fix |
---|---|---|---|
IBM Call Center for Commerce 9.3 | 930-FP32 | CCC930-FP17 | http://www-933.ibm.com/support/fixcentral/options (select appropriate VRMF) |
IBM Call Center for Commerce 9.4 | 940-FP19 | CCC940-FP14 | http://www-933.ibm.com/support/fixcentral/options (select appropriate VRMF) |
None