Medium Severity

IBM Security Bulletin: Cross Site Scripting Vulnerability in Tivoli Business Service Manager (CVE-2016-0311)

Share this post:

Information about a cross site scription security vulnerability affecting Tivoli Business Service Manager (TBSM) is published in this security bulletin. Javascript can be appended to TBSM URLs to run server side. URL parameters are not sanitised.

CVE(s): CVE-2016-0311

Affected product(s) and affected version(s):

Tivoli Business Service Manager 6.1.0
Tivoli Business Service Manager 6.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21986853
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111480

More stories

IBM Security Bulletin: IBM Cloud Private ingress log files contain sensitive information (CVE-2019-4284)

Aug 2, 2019 9:01 am EDT | Medium Severity

IBM Cloud Private ingress log files contain sensitive information CVE(s): CVE-2019-4284 Affected product(s) and affected version(s):IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885454X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160512 ...read more


IBM Security Bulletin: IBM MQ clients are vulnerable to a denial of service attack caused by consuming specifically crafted messages (CVE-2019-4261)

Aug 2, 2019 9:01 am EDT | Medium Severity

An error was found with the IBM MQ client message handling logic that causes a denial of service attack when specifically crafted messages are consumed. CVE(s): CVE-2019-4261 Affected product(s) and affected version(s):IBM WebSphere MQ V7.1 versions 7.1.0.0 – 7.1.0.9 IBM WepSphere MQ V7.5 versions 7.5.0.0 – 7.5.0.9 IBM MQ V8 versions 8.0.0.0 – 8.0.0.11 IBM ...read more


IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)

Aug 2, 2019 9:00 am EDT | Medium Severity

Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVE(s): CVE-2018-15494 Affected product(s) and affected version(s): FTM DP v3.2.0.0 ...read more