What is the severity of CVE-2015-7417?

CVE-2015-7417 is classified as a moderate severity vulnerability due to its potential impact on authenticated users.

How do I fix CVE-2015-7417?

To fix CVE-2015-7417, upgrade your IBM WebSphere Application Server to version 7.0.0.41, 8.0.0.12, or 8.5.5.9 or later.

Which versions of IBM WebSphere Application Server are affected by CVE-2015-7417?

CVE-2015-7417 affects IBM WebSphere Application Server versions 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9.

What type of vulnerability is CVE-2015-7417?

CVE-2015-7417 is a cross-site scripting (XSS) vulnerability.

Who is at risk from CVE-2015-7417?

Remote authenticated users are at risk of exploitation through crafted data from an OAuth provider in CVE-2015-7417.

Vulnerability/
CVE-2015-7417

medium

5.4

CWE

23/1/2016

6/8/2024

CVE-2015-7417: XSS

First published: Sat Jan 23 2016(Updated: )

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.3
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.4
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.5
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.7
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.9
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.11
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.13
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.15
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.17
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.19
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.21
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.23
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.25
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.27
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.29
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.31
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.33
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.35
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.37
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.39
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.3
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.4
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.5
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.6
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.7
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.8
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.9
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.10
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.11
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.2
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.3
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.4
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.5
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.6
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.7
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-7417?
CVE-2015-7417 is classified as a moderate severity vulnerability due to its potential impact on authenticated users.
How do I fix CVE-2015-7417?
To fix CVE-2015-7417, upgrade your IBM WebSphere Application Server to version 7.0.0.41, 8.0.0.12, or 8.5.5.9 or later.
Which versions of IBM WebSphere Application Server are affected by CVE-2015-7417?
CVE-2015-7417 affects IBM WebSphere Application Server versions 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9.
What type of vulnerability is CVE-2015-7417?
CVE-2015-7417 is a cross-site scripting (XSS) vulnerability.
Who is at risk from CVE-2015-7417?
Remote authenticated users are at risk of exploitation through crafted data from an OAuth provider in CVE-2015-7417.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/7.0.0.0
version/ibm websphere application server feature pack for web services/7.0.0.1
version/ibm websphere application server feature pack for web services/7.0.0.2
version/ibm websphere application server feature pack for web services/7.0.0.3
version/ibm websphere application server feature pack for web services/7.0.0.4
version/ibm websphere application server feature pack for web services/7.0.0.5
version/ibm websphere application server feature pack for web services/7.0.0.7
version/ibm websphere application server feature pack for web services/7.0.0.9
version/ibm websphere application server feature pack for web services/7.0.0.11
version/ibm websphere application server feature pack for web services/7.0.0.13
version/ibm websphere application server feature pack for web services/7.0.0.15
version/ibm websphere application server feature pack for web services/7.0.0.17
version/ibm websphere application server feature pack for web services/7.0.0.19
version/ibm websphere application server feature pack for web services/7.0.0.21
version/ibm websphere application server feature pack for web services/7.0.0.23
version/ibm websphere application server feature pack for web services/7.0.0.25
version/ibm websphere application server feature pack for web services/7.0.0.27
version/ibm websphere application server feature pack for web services/7.0.0.29
version/ibm websphere application server feature pack for web services/7.0.0.31
version/ibm websphere application server feature pack for web services/7.0.0.33
version/ibm websphere application server feature pack for web services/7.0.0.35
version/ibm websphere application server feature pack for web services/7.0.0.37
version/ibm websphere application server feature pack for web services/7.0.0.39
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.0.0.1
version/ibm websphere application server feature pack for web services/8.0.0.2
version/ibm websphere application server feature pack for web services/8.0.0.3
version/ibm websphere application server feature pack for web services/8.0.0.4
version/ibm websphere application server feature pack for web services/8.0.0.5
version/ibm websphere application server feature pack for web services/8.0.0.6
version/ibm websphere application server feature pack for web services/8.0.0.7
version/ibm websphere application server feature pack for web services/8.0.0.8
version/ibm websphere application server feature pack for web services/8.0.0.9
version/ibm websphere application server feature pack for web services/8.0.0.10
version/ibm websphere application server feature pack for web services/8.0.0.11
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/8.5.0.1
version/ibm websphere application server feature pack for web services/8.5.0.2
version/ibm websphere application server feature pack for web services/8.5.5.0
version/ibm websphere application server feature pack for web services/8.5.5.1
version/ibm websphere application server feature pack for web services/8.5.5.2
version/ibm websphere application server feature pack for web services/8.5.5.3
version/ibm websphere application server feature pack for web services/8.5.5.4
version/ibm websphere application server feature pack for web services/8.5.5.5
version/ibm websphere application server feature pack for web services/8.5.5.6
version/ibm websphere application server feature pack for web services/8.5.5.7
version/ibm websphere application server feature pack for web services/8.5.5.8