CVE-2016-2980
medium
CVSS v3
6.3
CVSS v2
6.8
VIR risk
6.3
Description
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.
Predictions
Exploit likelihood
73%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/113993
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22006447
References
- http://www.ibm.com/support/docview.wss?uid=swg22006447
- http://www.securityfocus.com/bid/100531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/113993
- http://www.ibm.com/support/docview.wss?uid=swg22006447
- http://www.securityfocus.com/bid/100531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/113993
CWEs
CWE-74
Verify integrity in audit chain (admin only). AS-IS.