
CVE-2016-0246 IBM Security Guardium

Vulnerability Information

Vulnerability name: IBM Security Guardium CVE-2016-0246 Unspecified Cross Site Scripting Vulnerability

Class: Input Validation Error               Bugtraq ID: 93400

Remote: Yes                                 Local: No

Published: 2016-10-04 12:00:00              Updated: 2016-10-10 01:05:00

Credit: IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza.

Affected Versions

IBM Security Guardium 10.0.1

IBM Security Guardium 9.5

IBM Security Guardium 9.1

IBM Security Guardium 9.0

IBM Security Guardium 9

IBM Security Guardium 8.2

IBM Security Guardium 10.1

IBM Security Guardium 10.0

IBM Security Guardium 10

Discussion

IBM Security Guardium is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Solution

Updates are available. Please see the references or vendor advisory for more information.

References

http://www.ibm.com/us-en/

http://www-01.ibm.com/support/docview.wss?uid=swg21990377