Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM787815D1DC2E281DE35298CAAB05226EDFBAD50569E98D47990AE2E835367F74
HistoryJun 17, 2018 - 1:06 p.m.

Security Bulletin: Fix available for Vulnerability in Cross-Site Scripting (XSS) affecting IBM Cúram Social Program Management (CVE-2016-0261)

2018-06-1713:06:59
www.ibm.com
7

EPSS

0.001

Percentile

25.7%

JSON

Summary

IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim’s web browser.

Vulnerability Details

CVEID: CVE-2016-0261 DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to execute script in a victim’s web browser within the security context of the hosting Web site, when the URL is clicked. An attacker might use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110604 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Cúram Social Program Management 6.0.0.0 - 6.0.0 SP2
IBM Cúram Social Program Management 6.0.4.0 - 6.0.4.6
IBM Cúram Social Program Management 6.0.5.0 - 6.0.5.9
IBM Cúram Social Program Management 6.1.0.0 - 6.1.0.1
IBM Cúram Social Program Management 6.1.1.0 - 6.1.1.1
IBM Care Management 6.0

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Cúram Social Program Management| 6.0 SP2| Visit IBM Fix Central and upgrade to 6.0 SP2 EP29 or a subsequent 6.0 release
IBM Cúram Social Program Management| 6.0.4| Visit IBM Fix Central and upgrade to 6.0.4.6 iFix3 or a subsequent 6.0.4 release
IBM Cúram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to 6.0.5.9 iFix2 or a subsequent 6.0.5 release
IBM Cúram Social Program Management| 6.1.0.1| Visit IBM Fix Central and upgrade to 6.1.0.1 iFix1 or a subsequent 6.1.0 release
IBM Cúram Social Program Management| 6.1.1.1| Visit IBM Fix Central and upgrade to 6.1.1.1 iFix1 or a subsequent 6.1.1 release
IBM Care Management| 6.0| See Workarounds & Mitigations

Workarounds and Mitigations

Customers should contact IBM Cúram Support if they require an IBM Care Management security fix.

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Cross site scripting
2018-03-12 21:29:00
cve
cve
CVE-2016-0261
2018-03-12 21:29:00
cvelist
cvelist
CVE-2016-0261
2018-03-12 21:00:00
nvd
nvd
CVE-2016-0261
2018-03-12 21:29:00

EPSS

0.001

Percentile

25.7%

JSON
Related for 787815D1DC2E281DE35298CAAB05226EDFBAD50569E98D47990AE2E835367F74
prion1cve1cvelist1nvd1