What is the severity of CVE-2016-0280?

CVE-2016-0280 has a medium severity rating due to its potential for cross-site scripting attacks.

How do I fix CVE-2016-0280?

To fix CVE-2016-0280, update to the latest version of IBM Information Server Framework or apply the relevant fixes for the affected versions.

What software is affected by CVE-2016-0280?

CVE-2016-0280 affects IBM Information Server Framework versions 8.5, 8.7, and 9.1, as well as InfoSphere Information Server Business Glossary versions 8.7 and 9.1.

What type of vulnerability is CVE-2016-0280?

CVE-2016-0280 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.

Where can I find more information about CVE-2016-0280?

Additional information regarding CVE-2016-0280 can typically be found in IBM's security advisories and documentation.

Vulnerability/
CVE-2016-0280

medium

5.4

CWE

8/8/2016

5/8/2024

CVE-2016-0280: XSS

First published: Mon Aug 08 2016(Updated: )

Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM InfoSphere Information Server	=8.5
IBM InfoSphere Information Server	=8.7
IBM InfoSphere Information Server	=9.1
IBM InfoSphere Information Server	=11.3
IBM InfoSphere Information Server	=11.5
IBM InfoSphere Information Governance Catalog	=11.3
IBM InfoSphere Information Governance Catalog	=11.5
IBM InfoSphere Information Server Business Glossary	=8.7
IBM InfoSphere Information Server Business Glossary	=9.1

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21981766

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-0280?
CVE-2016-0280 has a medium severity rating due to its potential for cross-site scripting attacks.
How do I fix CVE-2016-0280?
To fix CVE-2016-0280, update to the latest version of IBM Information Server Framework or apply the relevant fixes for the affected versions.
What software is affected by CVE-2016-0280?
CVE-2016-0280 affects IBM Information Server Framework versions 8.5, 8.7, and 9.1, as well as InfoSphere Information Server Business Glossary versions 8.7 and 9.1.
What type of vulnerability is CVE-2016-0280?
CVE-2016-0280 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.
Where can I find more information about CVE-2016-0280?
Additional information regarding CVE-2016-0280 can typically be found in IBM's security advisories and documentation.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm infosphere information server
version/ibm infosphere information server/8.5
version/ibm infosphere information server/8.7
version/ibm infosphere information server/9.1
version/ibm infosphere information server/11.3
version/ibm infosphere information server/11.5
canonical/ibm infosphere information governance catalog
version/ibm infosphere information governance catalog/11.3
version/ibm infosphere information governance catalog/11.5
canonical/ibm infosphere information server business glossary
version/ibm infosphere information server business glossary/8.7
version/ibm infosphere information server business glossary/9.1