CVE-2016-0283
Published on: 03/19/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:12 PM UTC
Certain versions of Websphere Application Server from Ibm contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2016-0283 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
IBM Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2016-0283) - United States | Vendor Advisory www-01.ibm.com text/html |
![]() |
IBM notice: The page you requested cannot be displayed | www-01.ibm.com text/html Inactive LinkNot Archived |
![]() |
IBM WebSphere Application Server Input Validation Flaw in OIDC Client Lets Remote Conduct Cross-Site Scripting Attacks - SecurityTracker | www.securitytracker.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:liberty:*:*:*:
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*:
No vendor comments have been submitted for this CVE