First published: Mon Sep 26 2016
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
HCL Connections | =4.0.0.0 | |
HCL Connections | =4.5.0.0 | |
HCL Connections | =5.0.0.0 | |
HCL Connections | =5.5.0.0 | |
CVE-2016-3006 is considered a medium severity vulnerability because it allows remote authenticated users to inject arbitrary web script or HTML.
To fix CVE-2016-3006, apply the appropriate patches released by IBM for the affected versions of IBM Connections.
IBM Connections versions 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 are affected by CVE-2016-3006.
CVE-2016-3006 is a cross-site scripting (XSS) vulnerability.
CVE-2016-3006 can only be exploited by authenticated users with access to the Web UI.