PT-2016-4125 · IBM · IBM Information Server Framework+2
Artur Czyz · Published 2016-08-08 · Updated 2017-09-01 · CVE-2016-0280
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM Information Server Framework version 8.5
IBM Information Server Framework and InfoSphere Information Server Business Glossary versions 8.7 before FP2
IBM Information Server Framework and InfoSphere Information Server Business Glossary versions 9.1 before 9.1.2.0
IBM Information Server Framework and InfoSphere Information Governance Catalog versions 11.3 before 11.3.1.2
IBM Information Server Framework and InfoSphere Information Governance Catalog versions 11.5 before 11.5.0.1
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Recommendations
For IBM Information Server Framework version 8.5, update to a version later than 8.5.
For IBM Information Server Framework and InfoSphere Information Server Business Glossary version 8.7, apply FP2 or later.
For IBM Information Server Framework and InfoSphere Information Server Business Glossary version 9.1, update to version 9.1.2.0 or later.
For IBM Information Server Framework and InfoSphere Information Governance Catalog version 11.3, update to version 11.3.1.2 or later.
For IBM Information Server Framework and InfoSphere Information Governance Catalog version 11.5, update to version 11.5.0.1 or later.
Fix
XSS
Affected Products
IBM Information Server Framework
IBM InfoSphere Information Governance Catalog
InfoSphere Information Server Business Glossary