CVE-2016-8927

Description

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.

Affected products

• IBM Corporation / Tivoli Application Dependency Discovery Manager7.2 – 7.2
• IBM Corporation / Tivoli Application Dependency Discovery Manager7.2.1 – 7.2.1
• IBM Corporation / Tivoli Application Dependency Discovery Manager7.2.2 – 7.2.2
• IBM Corporation / Tivoli Application Dependency Discovery Manager7.1.2 – 7.1.2
• IBM Corporation / Tivoli Application Dependency Discovery Manager7.3 – 7.3
• IBM Corporation / Tivoli Application Dependency Discovery Manager7.2.0 – 7.2.0

References

• MISChttp://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E
• MISChttp://www.securityfocus.com/bid/97629