Vulnerability Details : CVE-2016-0895
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.
Vulnerability category: Input validation
Products affected by CVE-2016-0895
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:rsa_data_loss_prevention:9.6.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0895
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0895
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2016-0895
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0895
-
http://seclists.org/bugtraq/2016/May/9
Bugtraq: ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities
-
http://www.securitytracker.com/id/1035714
RSA Data Loss Prevention Bugs Let Remote Users Conduct Cross-Site Scripting and Clickjacking Attacks and Let Remote Authenticated Users Bypass Security Controls and Obtain Potentially Sensitive Inform
-
http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Prevention-XSS-Information-Disclosure.html
RSA Data Loss Prevention XSS / Information Disclosure ≈ Packet Storm
Jump to