CVE-2016-0316

Name of the Vulnerable Software and Affected Versions IBM Jazz Reporting Service versions 6.0 through 6.0.1 before 6.0.1 iFix006 IBM Jazz Reporting Service version 6.0.2 before iFix003

Description A cross-site scripting (XSS) issue in the Lifecycle Query Engine (LQE) of IBM Jazz Reporting Service allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This could potentially lead to unauthorized actions on the affected system.

Recommendations For IBM Jazz Reporting Service versions 6.0 through 6.0.1, apply iFix006 to resolve the issue. For IBM Jazz Reporting Service version 6.0.2, apply iFix003 to resolve the issue.