CVE-2016-0316
Published on: 11/25/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:13 PM UTC
Certain versions of Jazz Reporting Service from Ibm contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2016-0316 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | LOW | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
IBM Jazz Reporting Service CVE-2016-0316 Cross Site Scripting Vulnerability | cve.report (archive) text/html |
![]() |
IBM Security Bulletin: Multiple security vulnerabilities affect the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2016-0316, CVE-2016-0317, CVE-2016-0318, CVE-2016-0319) - United States | Patch Vendor Advisory www-01.ibm.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Ibm | Jazz Reporting Service | 6.0 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0.1 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0.2 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0.1 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0.2 | All | All | All |
- cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE