CVE-2016-0246 IBM Security Guardium
Vulnerability Information
Vulnerability name: IBM Security Guardium CVE-2016-0246 Unspecified Cross Site Scripting Vulnerability
Vulnerability class: Input Validation Error  Bugtraq ID: 93400
Remote: Yes  Local: No
Published: 2016-10-04 12:00:00  Updated: 2016-10-10 01:05:00
Credit: IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza.
Affected Versions
IBM Security Guardium 10.0.1
IBM Security Guardium 9.5
IBM Security Guardium 9.1
IBM Security Guardium 9.0
IBM Security Guardium 9
IBM Security Guardium 8.2
IBM Security Guardium 10.1
IBM Security Guardium 10.0
IBM Security Guardium 10
Discussion
IBM Security Guardium is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploit
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution
Updates are available. Please see the references or vendor advisory for more information.
References
http://www.ibm.com/us-en/
http://www-01.ibm.com/support/docview.wss?uid=swg21990377