Main Vulnerability Database SB2016070405

SB2016070405 - Cross-site scripting in IBM WebSphere Commerce Developer

Published: July 4, 2016 Updated: July 12, 2020

Security Bulletin ID SB2016070405

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2016-2862)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to conduct cross-site scripting attacks.

The vulnerability exists due to input validation error. A remote unauthenticated attacker can steal the victim's cookie based authentication credentials by creating a specially crafted URL to execute script in a victim's web browser within the security context of the hosting website.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21983625