CVE-2016-5944: XSS
First published: Mon Sep 26 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Control | =5.2.8 | |
| IBM Spectrum Control | =5.2.9 | |
| IBM Spectrum Control | =5.2.10 | |
| IBM Spectrum Control | =5.2.10.1 | |
| IBM Tivoli Storage Productivity Center | =5.2.0 | |
| IBM Tivoli Storage Productivity Center | =5.2.1 | |
| IBM Tivoli Storage Productivity Center | =5.2.1.1 | |
| IBM Tivoli Storage Productivity Center | =5.2.2 | |
| IBM Tivoli Storage Productivity Center | =5.2.3 | |
| IBM Tivoli Storage Productivity Center | =5.2.4 | |
| IBM Tivoli Storage Productivity Center | =5.2.4.1 | |
| IBM Tivoli Storage Productivity Center | =5.2.5 | |
| IBM Tivoli Storage Productivity Center | =5.2.5.1 | |
| IBM Tivoli Storage Productivity Center | =5.2.6 | |
| IBM Tivoli Storage Productivity Center | =5.2.7 | |
| IBM Tivoli Storage Productivity Center | =5.2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5944?
CVE-2016-5944 has a medium severity level due to its cross-site scripting (XSS) capabilities that can compromise user data.
How do I fix CVE-2016-5944?
To fix CVE-2016-5944, upgrade to IBM Spectrum Control version 5.2.11 or later.
Who is affected by CVE-2016-5944?
CVE-2016-5944 affects users of IBM Spectrum Control versions 5.2.0 to 5.2.10 and associated Tivoli Storage Productivity Center versions.
Can CVE-2016-5944 be exploited remotely?
Yes, CVE-2016-5944 can be exploited remotely by authenticated users to inject arbitrary web scripts.
What type of vulnerability is CVE-2016-5944 classified as?
CVE-2016-5944 is classified as a cross-site scripting (XSS) vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm spectrum control
- version/ibm spectrum control/5.2.8
- version/ibm spectrum control/5.2.9
- version/ibm spectrum control/5.2.10
- version/ibm spectrum control/5.2.10.1
- canonical/ibm tivoli storage productivity center
- version/ibm tivoli storage productivity center/5.2.0
- version/ibm tivoli storage productivity center/5.2.1
- version/ibm tivoli storage productivity center/5.2.1.1
- version/ibm tivoli storage productivity center/5.2.2
- version/ibm tivoli storage productivity center/5.2.3
- version/ibm tivoli storage productivity center/5.2.4
- version/ibm tivoli storage productivity center/5.2.4.1
- version/ibm tivoli storage productivity center/5.2.5
- version/ibm tivoli storage productivity center/5.2.5.1
- version/ibm tivoli storage productivity center/5.2.6
- version/ibm tivoli storage productivity center/5.2.7
- version/ibm tivoli storage productivity center/5.2.7.1