PT-2016-6745 · Ibm · Ibm Tealeaf Customer Experience
Publicado
2016-09-26
·
Atualizado
2016-11-28
·
CVE-2016-5978
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tealeaf Customer Experience versions prior to 8.7.1.8847 FP10
IBM Tealeaf Customer Experience versions 8.8 prior to 8.8.0.9049 FP9
IBM Tealeaf Customer Experience version 9.0.0
IBM Tealeaf Customer Experience version 9.0.1 prior to 9.0.1.1117 FP5
IBM Tealeaf Customer Experience version 9.0.1A prior to 9.0.1.5108 9.0.1A FP5
IBM Tealeaf Customer Experience version 9.0.2 prior to 9.0.2.1223 FP3
IBM Tealeaf Customer Experience version 9.0.2A prior to 9.0.2.5224 9.0.2A FP3
Description
A cross-site scripting (XSS) issue exists in the Web UI of the web portal, allowing remote authenticated users to inject arbitrary web script or HTML via an embedded string.
Recommendations
For versions prior to 8.7.1.8847 FP10, update to 8.7.1.8847 FP10 or later.
For versions 8.8 prior to 8.8.0.9049 FP9, update to 8.8.0.9049 FP9 or later.
For version 9.0.0, update to a newer version that contains a fix for this issue.
For version 9.0.1 prior to 9.0.1.1117 FP5, update to 9.0.1.1117 FP5 or later.
For version 9.0.1A prior to 9.0.1.5108 9.0.1A FP5, update to 9.0.1.5108 9.0.1A FP5 or later.
For version 9.0.2 prior to 9.0.2.1223 FP3, update to 9.0.2.1223 FP3 or later.
For version 9.0.2A prior to 9.0.2.5224 9.0.2A FP3, update to 9.0.2.5224 9.0.2A FP3 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Tealeaf Customer Experience