Main Vulnerability Database Vulnerabilities #VU40003

Improper access control in Jazz Reporting Service - CVE-2016-0317

Published: November 25, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40003

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-0317

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Jazz Reporting Service

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

How to mitigate CVE-2016-0317

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/92463
http://www-01.ibm.com/support/docview.wss?uid=swg21983137

Improper access control in Jazz Reporting Service - CVE-2016-0317

Detailed vulnerability description

How to mitigate CVE-2016-0317

Sources

Please verify you're human