CVE-2015-7417

moderate-risk

Published 2016-01-23

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.

Do I need to act?

-

0.17% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Affected Vendors

Ibm

References (8)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI49272

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21974520

http://www.securityfocus.com/bid/81738

http://www.securitytracker.com/id/1034783

http://www-01.ibm.com/support/docview.wss?uid=swg1PI49272

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21974520

http://www.securityfocus.com/bid/81738

http://www.securitytracker.com/id/1034783

47

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 25/34 · High