CVE-2016-2995 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4 4.5 through CR5 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors a different vulnerability than CVE-2016-2997 CVE-2016-3005 and CVE-2016-3010.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/92576 http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929 http://www-01.ibm.com/support/docview.wss?uid=swg21988991

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4

Share on: