What is the severity of CVE-2016-9979?

CVE-2016-9979 has a medium severity rating due to the potential for cross-site scripting attacks leading to credential disclosure.

How do I fix CVE-2016-9979?

To fix CVE-2016-9979, update IBM Curam Social Program Management to versions 6.0.5.9, 6.1.1.x, or later.

What versions of IBM Curam Social Program Management are affected by CVE-2016-9979?

Versions 5.2, 6.0.4.0 through 6.0.5.9, and 6.1.0.0 through 6.2.0.3 of IBM Curam Social Program Management are affected.

Is CVE-2016-9979 related to any other vulnerabilities?

CVE-2016-9979 is a standalone vulnerability centered on cross-site scripting and does not directly correlate with other vulnerabilities.

What are the risks associated with CVE-2016-9979?

The risks of CVE-2016-9979 include unauthorized execution of scripts, leading to potential credential theft and compromised user sessions.

Vulnerability/
CVE-2016-9979

medium

5.4

CWE

20/4/2017

6/8/2024

CVE-2016-9979: XSS

First published: Thu Apr 20 2017(Updated: )

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Curam Social Program Management	=6.0.4.0
IBM Curam Social Program Management	=6.0.4.1
IBM Curam Social Program Management	=6.0.4.2
IBM Curam Social Program Management	=6.0.4.3
IBM Curam Social Program Management	=6.0.4.4
IBM Curam Social Program Management	=6.0.4.5
IBM Curam Social Program Management	=6.0.4.6
IBM Curam Social Program Management	=6.0.4.7
IBM Curam Social Program Management	=6.0.4.8
IBM Curam Social Program Management	=6.0.5
IBM Curam Social Program Management	=6.0.5.0
IBM Curam Social Program Management	=6.0.5.1
IBM Curam Social Program Management	=6.0.5.2
IBM Curam Social Program Management	=6.0.5.3
IBM Curam Social Program Management	=6.0.5.4
IBM Curam Social Program Management	=6.0.5.5
IBM Curam Social Program Management	=6.0.5.6
IBM Curam Social Program Management	=6.0.5.7
IBM Curam Social Program Management	=6.0.5.8
IBM Curam Social Program Management	=6.0.5.9
IBM Curam Social Program Management	=6.1.0.0
IBM Curam Social Program Management	=6.1.0.1
IBM Curam Social Program Management	=6.1.0.2
IBM Curam Social Program Management	=6.1.0.3
IBM Curam Social Program Management	=6.1.1.0
IBM Curam Social Program Management	=6.1.1.1
IBM Curam Social Program Management	=6.1.1.2
IBM Curam Social Program Management	=6.1.1.3
IBM Curam Social Program Management	=6.2.0.0
IBM Curam Social Program Management	=6.2.0.1
IBM Curam Social Program Management	=6.2.0.2
IBM Curam Social Program Management	=6.2.0.3
IBM Curam Social Program Management	=7.0.0.0

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22001780

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9979?
CVE-2016-9979 has a medium severity rating due to the potential for cross-site scripting attacks leading to credential disclosure.
How do I fix CVE-2016-9979?
To fix CVE-2016-9979, update IBM Curam Social Program Management to versions 6.0.5.9, 6.1.1.x, or later.
What versions of IBM Curam Social Program Management are affected by CVE-2016-9979?
Versions 5.2, 6.0.4.0 through 6.0.5.9, and 6.1.0.0 through 6.2.0.3 of IBM Curam Social Program Management are affected.
Is CVE-2016-9979 related to any other vulnerabilities?
CVE-2016-9979 is a standalone vulnerability centered on cross-site scripting and does not directly correlate with other vulnerabilities.
What are the risks associated with CVE-2016-9979?
The risks of CVE-2016-9979 include unauthorized execution of scripts, leading to potential credential theft and compromised user sessions.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/author
agent/severity
agent/last-modified-date
agent/event
agent/description
agent/first-publish-date
agent/tags
agent/source
vendor/ibm
canonical/ibm curam social program management
version/ibm curam social program management/6.0.4.0
version/ibm curam social program management/6.0.4.1
version/ibm curam social program management/6.0.4.2
version/ibm curam social program management/6.0.4.3
version/ibm curam social program management/6.0.4.4
version/ibm curam social program management/6.0.4.5
version/ibm curam social program management/6.0.4.6
version/ibm curam social program management/6.0.4.7
version/ibm curam social program management/6.0.4.8
version/ibm curam social program management/6.0.5
version/ibm curam social program management/6.0.5.0
version/ibm curam social program management/6.0.5.1
version/ibm curam social program management/6.0.5.2
version/ibm curam social program management/6.0.5.3
version/ibm curam social program management/6.0.5.4
version/ibm curam social program management/6.0.5.5
version/ibm curam social program management/6.0.5.6
version/ibm curam social program management/6.0.5.7
version/ibm curam social program management/6.0.5.8
version/ibm curam social program management/6.0.5.9
version/ibm curam social program management/6.1.0.0
version/ibm curam social program management/6.1.0.1
version/ibm curam social program management/6.1.0.2
version/ibm curam social program management/6.1.0.3
version/ibm curam social program management/6.1.1.0
version/ibm curam social program management/6.1.1.1
version/ibm curam social program management/6.1.1.2
version/ibm curam social program management/6.1.1.3
version/ibm curam social program management/6.2.0.0
version/ibm curam social program management/6.2.0.1
version/ibm curam social program management/6.2.0.2
version/ibm curam social program management/6.2.0.3
version/ibm curam social program management/7.0.0.0