CVE-2016-9169

{"id": "CVE-2016-9169", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-03-23T06:59:00.640", "references": [{"url": "http://www.securityfocus.com/bid/97318", "source": "security@opentext.com"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7018371", "source": "security@opentext.com"}, {"url": "http://www.securityfocus.com/bid/97318", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.novell.com/support/kb/doc.php?id=7018371", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."}, {"lang": "es", "value": "Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a 2014 R2 Support Pack 1 Hot Patch 2 puede permitir a un atacante remoto ejecutar JavaScript en el contexto de una sesi\u00f3n de explorador de un usuario v\u00e1lido haciendo que haga clic en un enlace manipulado. Esto podr\u00eda provocar el comprometimiento de sesi\u00f3n u otros ataques basados en navegador."}], "lastModified": "2024-11-21T03:00:44.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:groupwise:2014:r2_sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8D27FE5-CC84-4DB2-A8D7-87B733A37F69"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}