CVE-2016-9000

MEDIUM

IBM InfoSphere DataStage - XSS

Title source: llm

Description

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21995257

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95324

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037564

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 47.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (18)

ibm/infosphere_datastage

ibm/infosphere_information_server_on_cloud

IBM Corporation/InfoSphere Information Server < 8.1

IBM Corporation/InfoSphere Information Server < 8.5

IBM Corporation/InfoSphere Information Server < 8.0

IBM Corporation/InfoSphere Information Server < 8.5.0.1

IBM Corporation/InfoSphere Information Server < 8.7

IBM Corporation/InfoSphere Information Server < 9.1

IBM Corporation/InfoSphere Information Server < 8.0.1

IBM Corporation/InfoSphere Information Server < 10.0

IBM Corporation/InfoSphere Information Server < 11.3

IBM Corporation/InfoSphere Information Server < 10

... and 3 more

Timeline

Published Feb 01, 2017

Tracked Since Feb 18, 2026