PT-2016-4179 · Ibm · Ibm Algorithmics One-Algo Risk Application

Publicado

2016-05-15

Atualizado

2016-05-16

CVE-2016-0390

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM Algorithmics Algo One Algo Risk Application (ARA) versions 4.9.1 through 5.1.0

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This could potentially lead to unauthorized actions on the affected system.

Recommendations For versions 4.9.1 through 5.1.0, update to a version that contains a fix for this issue to prevent remote authenticated users from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to crafted URLs to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2016-0390

Produtos afetados

Ibm Algorithmics One-Algo Risk Application

PT-2016-4179 · Ibm · Ibm Algorithmics One-Algo Risk Application

CVE-2016-0390

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3