CVE-2016-3008: XSS
First published: Thu Sep 01 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Connections Portlets | =5.0.0.0 | |
| IBM Connections Portlets | =5.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3008?
CVE-2016-3008 has been classified as a medium severity vulnerability due to its potential for remote script injection.
How do I fix CVE-2016-3008?
To fix CVE-2016-3008, upgrade IBM Connections to version 5.0 CR4 or 5.5 CR1 at minimum.
Who is affected by CVE-2016-3008?
CVE-2016-3008 affects IBM Connections versions 5.0 before CR4 and 5.5 before CR1.
What type of vulnerability is CVE-2016-3008?
CVE-2016-3008 is a cross-site scripting (XSS) vulnerability.
Can CVE-2016-3008 be exploited by unauthenticated users?
No, CVE-2016-3008 can only be exploited by remote authenticated users.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/softwarecombine
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm connections portlets
- version/ibm connections portlets/5.0.0.0
- version/ibm connections portlets/5.5.0.0