IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim’s web browser.
CVE(s): CVE-2016-0261
Affected product(s) and affected version(s):
IBM Cúram Social Program Management 6.0.0.0 – 6.0.0 SP2
IBM Cúram Social Program Management 6.0.4.0 – 6.0.4.6
IBM Cúram Social Program Management 6.0.5.0 – 6.0.5.9
IBM Cúram Social Program Management 6.1.0.0 – 6.1.0.1
IBM Cúram Social Program Management 6.1.1.0 – 6.1.1.1
IBM Care Management 6.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aLrc1R
X-Force Database: http://ift.tt/2axFUfT
from IBM Product Security Incident Response Team http://ift.tt/2aLqKk9
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.