CVE-2016-5984

Summary

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationInfoSphere Information Server8.1affected
IBM CorporationInfoSphere Information Server8.5affected
IBM CorporationInfoSphere Information Server8.0affected
IBM CorporationInfoSphere Information Server8.5.0.1affected
IBM CorporationInfoSphere Information Server8.7affected
IBM CorporationInfoSphere Information Server9.1affected
IBM CorporationInfoSphere Information Server8.0.1affected
IBM CorporationInfoSphere Information Server10.0affected
IBM CorporationInfoSphere Information Server11.3affected
IBM CorporationInfoSphere Information Server10affected
IBM CorporationInfoSphere Information Server11.3.0.0affected
IBM CorporationInfoSphere Information Server11.3.1.0affected
IBM CorporationInfoSphere Information Server11.5affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References