IBM80321B96652C5425224D661B00ACECF264D54268EADB697AB7874E7377969E8ASecurity Bulletin:A Security vulnerability has been identified in IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2016-0283)
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
53.9%
Summary
There is a cross-site scripting vulnerability in WebSphere Application Server Liberty when using the OpenID Connect (OIDC) client.
Vulnerability Details
Please consult the security bulletin
- Security Bulletin: Cross-site scripting vulnerability in the OpenID Connect client web application (CVE-2016-0283)
for vulnerability details and information about fixes.
Affected Products and Versions
This vulnerability affects the following versions and releases of IBM WebSphere Application Server
- Version 8.5.5 Liberty Profile
Workarounds and Mitigations
none
Affected configurations
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
53.9%