Vulnerability Details : CVE-2010-3472
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2010-3472
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 %
CVSS scores for CVE-2010-3472
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2010-3472
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3472
- http://www.vupen.com/english/advisories/2010/2419
  Webmail | OVH- OVH (Vendor Advisory)
- http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm
  IBM FileNet P8 Application Engine Fix Pack: P8AE 3.5.1-021
- http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37466
  IBM PJ37466: Security tools revealed the cross-site scripting security in Workplace is vulnerable to attacks. (Vendor Advisory)
- http://www.securityfocus.com/bid/43272
  IBM FileNet Application Engine Open Redirection and Cross Site Scripting Vulnerabilities
Products affected by CVE-2010-3472
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:017:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:018:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:015:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:016:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:014:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:012:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:013:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:011:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:019:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:010:*:*:*:*:*:*
- cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:020:*:*:*:*:*:*