This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. CVSS v3.0 Base Score 5.8 (Integrity impacts). It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. Note: Applies to client and server deployment of Java. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.
Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112 Java SE Embedded: 8u111 JRockit: R28.3.12.
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS).
0 kommentar(er)
