cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.0.0 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.0.1 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.0.2 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.0.3 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1.0 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1.1 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1.2 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1.3 cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1.4 CVE-2016-9704 2017-02-01T17:59:01.213-05:00 2017-07-24T21:29:03.920-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2017-02-08T10:22:24.937-05:00 SECTRACK 1037765 BID 95323 CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21996761 IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.