CVE-2016-2888
Published on: 07/07/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:15 PM UTC
Certain versions of Jazz Reporting Service from Ibm contain the following vulnerability:
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.
- CVE-2016-2888 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | LOW | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Security Bulletin: Multiple security vulnerabilities affect the Report Builder and Data Collection Component that are shipped with Jazz Reporting Service (CVE-2016-0350, CVE-2016-0313, CVE-2016-0314, CVE-2016-0315, CVE-2016-2888, CVE-2016-2889) | Vendor Advisory www-01.ibm.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Ibm | Jazz Reporting Service | 5.0 | All | All | All |
Application | Ibm | Jazz Reporting Service | 5.0.1 | All | All | All |
Application | Ibm | Jazz Reporting Service | 5.0.2 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0.1 | All | All | All |
Application | Ibm | Jazz Reporting Service | 5.0 | All | All | All |
Application | Ibm | Jazz Reporting Service | 5.0.1 | All | All | All |
Application | Ibm | Jazz Reporting Service | 5.0.2 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0 | All | All | All |
Application | Ibm | Jazz Reporting Service | 6.0.1 | All | All | All |
- cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE