PT-2015-1613 · Ibm · Ibm Security Siteprotector System

Publicado

2015-05-25

·

Atualizado

2015-05-26

·

CVE-2015-0168

CVSS v2.0

3.5

Baixa

VetorAV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM Security SiteProtector System versions 3.0 through 3.0.0.6 IBM Security SiteProtector System versions 3.1 through 3.1.0.3 IBM Security SiteProtector System versions 3.1.1 through 3.1.1.1
Description The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, potentially enabling the execution of arbitrary web or HTML code. This is due to a lack of protection for the web page structure.
Recommendations For IBM Security SiteProtector System versions 3.0 through 3.0.0.6, update to version 3.0.0.7 or later. For IBM Security SiteProtector System versions 3.1 through 3.1.0.3, update to version 3.1.0.4 or later. For IBM Security SiteProtector System versions 3.1.1 through 3.1.1.1, update to version 3.1.1.2 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2015-10946
CVE-2015-0168

Produtos afetados

Ibm Security Siteprotector System