CVE-2016-0895 Information

Description

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html http://seclists.org/bugtraq/2016/May/9 http://www.securitytracker.com/id/1035714

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3