CVE-2016-5974: XSS
First published: Mon Sep 26 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Privileged Identity Manager Virtual Appliance | <=2.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5974?
CVE-2016-5974 has been assigned a medium severity level due to the potential for exploitation via XSS.
How do I fix CVE-2016-5974?
To fix CVE-2016-5974, upgrade to IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 FP8 or later.
Who is affected by CVE-2016-5974?
CVE-2016-5974 affects remote authenticated users of IBM Security Privileged Identity Manager Virtual Appliance versions prior to 2.0.2 FP8.
What type of vulnerability is CVE-2016-5974?
CVE-2016-5974 is a cross-site scripting (XSS) vulnerability that allows for the injection of arbitrary web scripts or HTML.
What can attackers achieve by exploiting CVE-2016-5974?
By exploiting CVE-2016-5974, attackers can execute malicious scripts in the context of an affected web application.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm security privileged identity manager virtual appliance
- version/ibm security privileged identity manager virtual appliance/2.0.2