CVSS3: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CVSS2: 4.9 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N

The vulnerabilities could allow a remote attacker to conduct phishing attacks or obtain sensitive information, or allow cross-site scripting in OpenID Connect clients.

**CVEID:** CVE-2016-3040
**DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114636 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N)

**CVEID:** CVE-2016-3042
**DESCRIPTION:** IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting in OpenID Connect clients. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114638 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

**CVEID:** CVE-2016-0378
**DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by improper handling of exceptions when a default error page does not exist.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112240 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Monitoring 8.1.2 and 8.1.3
IBM Application Diagnostics 8.1.2 and 8.1.3
IBM Application Performance Management 8.1.2 and 8.1.3
IBM Application Performance Management Advanced 8.1.2 and 8.1.3
IBM Performance Management on Cloud

Product | Product VRMF | Remediation
---|---|---
IBM Monitoring<br>IBM Application Diagnostics<br>IBM Application Performance Management<br>IBM Application Performance Management Advanced | 8.1.3 | The vulnerabilities can be remediated by applying the following patches:
IBM Application Diagnostics<br>IBM Application Performance Management<br>IBM Application Performance Management Advanced | 8.1.2 | The vulnerabilities can be remediated by applying the following patches:<br>Apply the IBM Performance Management 8.1.2.0 Interim Fix 35 patch to the Performance Management server. The patch is available from Fix Central: https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003145<br>Apply the Hybrid Gateway for IBM Performance Management 8.1.2.0 Interim Fix 36 patch to the Hybrid Gateway. The patch is available from Fix Central: https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003146
IBM Application Performance Management on Cloud | N/A | The vulnerabilities can be remediated by applying the following patch:<br>Apply the Hybrid Gateway for IBM Performance Management 8.1.3.1 Interim Fix 01 patch to the Hybrid Gateway. The patch is available from Fix Central: https://dbluewas1.pok.ibm.com/support/docview.wss?rs=0&uid=isg400001355

CPE

Name | Operator | Version
---|---|---
tivoli monitoring | eq | 8.1.2
tivoli monitoring | eq | 8.1.3