Nessus plugin, Tenable, 9719.PRM
History: Oct 26, 2016 - 12:00 a.m.

IBM WebSphere Application Server 8.5 < 8.5.5.9 Multiple Vulnerabilities

Published: 2016-10-26 00:00:00
Tenable
www.tenable.com

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to 8.5.5.9. Such versions are potentially affected by the following issues:

  • A flaw exists allowing a reflected cross-site scripting (XSS) vulnerability due to a failure to properly validate output from the OAuth provider before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary script code in a user’s browser session within the security context of the hosting website. (CVE-2015-7417)
  • A flaw exists that allows an XSS attack. This flaw exists because the OpenID Connect (OIDC) client does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2016-0283)
Affected software
  Vendor: ibm
  Product: websphere_application_server
  Version: (not specified)
  CPE: cpe:/a:ibm:websphere_application_server