CVE-2016-0322
Published on: 06/29/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:14 PM UTC
Certain versions of Connections from Ibm contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.
- CVE-2016-0322 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | LOW | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
IBM notice: The page you requested cannot be displayed | www-01.ibm.com text/html Inactive LinkNot Archived |
![]() |
IBM notice: The page you requested cannot be displayed | Vendor Advisory www-01.ibm.com text/html Inactive LinkNot Archived |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Ibm | Connections | 4.0.0.0 | All | All | All |
Application | Ibm | Connections | 4.5.0.0 | All | All | All |
Application | Ibm | Connections | 5.0.0.0 | All | All | All |
Application | Ibm | Connections | 5.5.0.0 | All | All | All |
Application | Ibm | Connections | 4.0.0.0 | All | All | All |
Application | Ibm | Connections | 4.5.0.0 | All | All | All |
Application | Ibm | Connections | 5.0.0.0 | All | All | All |
Application | Ibm | Connections | 5.5.0.0 | All | All | All |
- cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE