6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
A JSoup vulnerablity which allows a remote attacker to exploit a specially-crafted URL to access user authentication credentials was addressed by IBM Forms Experience Builder.
CVE-ID: CVE-2015-6748
Description: JSoup is vulnerable to cross-site scripting, caused by improper validation of user supplied input by the SafeHTML validator. A remote attacker could exploit this vulnerability using a specially crafted URL. Once the URL is clicked, a script is executed in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie based authentication credentials.
CVSS Base Score: 6.100
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/106163> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM Forms Experience Builder 8.5
IBM Forms Experience Builder 8.5.1
IBM Forms Experience Builder 8.6
** Product**
| VRMF|** APAR**|** Remediation**
—|—|—|—
IBM Forms Experience Builder| 8.5.0.| LO87135| Download and Install 8.5.1.1
IBM Forms Experience Builder| 8.5.1.| LO87135
IBM Forms Experience Builder| 8.6.0.*| LO87135| Download and Install 8.6.2.1
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N