ID

VAR-201702-0517


CVE

CVE-2016-6062


TITLE

IBM Resilient vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-007673

DESCRIPTION

IBM Resilient v26.0, v26.1, and v26.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 1.89

sources: NVD: CVE-2016-6062 // JVNDB: JVNDB-2016-007673 // BID: 94268

AFFECTED PRODUCTS

vendor: ibm, model: resilient, scope: eq, version: 26.0

Trust: 2.4

vendor: ibm, model: resilient, scope: eq, version: 26.1

Trust: 2.4

vendor: ibm, model: resilient, scope: eq, version: 26.2

Trust: 2.4

vendor: ibm, model: resilient, scope: eq, version: 26

Trust: 0.3

vendor: ibm, model: resilient, scope: ne, version: 26.3

Trust: 0.3

sources: BID: 94268 // JVNDB: JVNDB-2016-007673 // CNNVD: CNNVD-201611-365 // NVD: CVE-2016-6062

CVSS

SEVERITY

NVD: CVE-2016-6062
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201611-365
value: MEDIUM

Trust: 0.6

CVSSV2

NVD: CVE-2016-6062
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

NVD: CVE-2016-6062
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-007673 // CNNVD: CNNVD-201611-365 // NVD: CVE-2016-6062

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2016-007673 // NVD: CVE-2016-6062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-365

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201611-365

CONFIGURATIONS

sources: NVD: CVE-2016-6062

PATCH

title: IBM Resilient - Cross Site Scripting Vulnerability (CVE-2016-6062)
url: https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/

Trust: 0.8

title: IBM Resilient Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65724

Trust: 0.6

sources: JVNDB: JVNDB-2016-007673 // CNNVD: CNNVD-201611-365

EXTERNAL IDS

db: NVD, id: CVE-2016-6062

Trust: 2.7

db: BID, id: 94268

Trust: 1.9

db: JVNDB, id: JVNDB-2016-007673

Trust: 0.8

db: CNNVD, id: CNNVD-201611-365

Trust: 0.6

sources: BID: 94268 // JVNDB: JVNDB-2016-007673 // CNNVD: CNNVD-201611-365 // NVD: CVE-2016-6062

REFERENCES

url: https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/

Trust: 1.9

url: http://www.securityfocus.com/bid/94268

Trust: 1.6

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6062

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6062

Trust: 0.8

url: http://www.ibm.com/

Trust: 0.3

sources: BID: 94268 // JVNDB: JVNDB-2016-007673 // CNNVD: CNNVD-201611-365 // NVD: CVE-2016-6062

CREDITS

IBM

Trust: 0.9

sources: BID: 94268 // CNNVD: CNNVD-201611-365

SOURCES

db: BID, id: 94268
db: JVNDB, id: JVNDB-2016-007673
db: CNNVD, id: CNNVD-201611-365
db: NVD, id: CVE-2016-6062

LAST UPDATE DATE

2022-05-04T10:08:49.533000+00:00


SOURCES UPDATE DATE

db: BID, id: 94268, date: 2016-11-24T01:09:00
db: JVNDB, id: JVNDB-2016-007673, date: 2017-03-09T00:00:00
db: CNNVD, id: CNNVD-201611-365, date: 2016-11-18T00:00:00
db: NVD, id: CVE-2016-6062, date: 2017-02-22T17:54:00

SOURCES RELEASE DATE

db: BID, id: 94268, date: 2016-11-10T00:00:00
db: JVNDB, id: JVNDB-2016-007673, date: 2017-03-09T00:00:00
db: CNNVD, id: CNNVD-201611-365, date: 2016-11-18T00:00:00
db: NVD, id: CVE-2016-6062, date: 2017-02-16T20:59:00