PatchSiren cyber security CVE debrief
CVE-2016-5984 IBM CVE debrief
CVE-2016-5984 affects IBM InfoSphere Information Server and is described as a cross-frame scripting issue caused by insufficient HTML iframe protection. According to the published record, a remote attacker could use a specially crafted URL to send a user to an attacker-controlled page, creating conditions for clickjacking or other client-side browser attacks. NVD assigns the issue CVSS 3.0 6.1 (Medium) and maps it to CWE-79.
- Vendor: IBM
- Product: CVE-2016-5984
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams running IBM InfoSphere Information Server 8.7, 9.1, 11.3, 11.5, or IBM InfoSphere Information Server on Cloud 11.5 should review this issue, especially if users access the product through a browser and may follow external links.
Technical summary
The NVD record lists vulnerable CPEs for IBM InfoSphere Information Server versions 8.7, 9.1, 11.3, 11.5, and IBM InfoSphere Information Server on Cloud 11.5. The weakness is characterized as insufficient iframe protection / cross-frame scripting, with a CVSS vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. That indicates a network-reachable issue that requires user interaction and can affect confidentiality and integrity at a low level, with no availability impact recorded.
Defensive priority
Medium. The issue requires user interaction, but it can still be used for browser-based abuse such as clickjacking and should be patched promptly on exposed deployments.
Recommended defensive actions
- Apply the IBM patch or mitigation guidance referenced in the vendor advisory.
- Verify whether any deployed IBM InfoSphere Information Server instances match the affected versions listed by NVD.
- Review browser-facing pages and workflows for iframe handling and framing protections.
- Use standard browser-side defenses where appropriate, such as frame-busting controls and restrictive framing policies, as part of layered mitigation.
- Limit trust in unsolicited links and redirect flows that could deliver a specially crafted URL to users.
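One way to carry out the framing-protection review above is to classify each browser-facing response by its anti-framing headers. This is an added example, not code from IBM or from the advisory; the paths and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit response headers for anti-framing controls.
# Header samples below are constructed, not captured from any IBM product.

WIDE_SOURCES = {"*", "http:", "https:"}  # effectively allow any framer


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Classify headers as 'protected', 'weak' or 'missing', with a reason."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # In browsers that support it, frame-ancestors takes precedence over X-Frame-Options.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        wide = sorted(WIDE_SOURCES.intersection(sources))
        if wide:
            return "weak", "frame-ancestors allows any origin via " + " ".join(wide)
        if not sources:
            return "weak", "frame-ancestors has no sources listed"
        return "protected", "frame-ancestors " + " ".join(sources)

    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo
    if xfo:
        # ALLOW-FROM is obsolete and ignored by current browsers; other values are invalid.
        return "weak", "X-Frame-Options value not honoured: " + xfo
    return "missing", "no frame-ancestors directive or X-Frame-Options header"


SAMPLES = {  # constructed responses
    "/login": {"X-Frame-Options": "SAMEORIGIN"},
    "/console": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/reports": {"Content-Security-Policy": "frame-ancestors https: 'self'",
                 "X-Frame-Options": "DENY"},
    "/legacy": {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "/help": {"Cache-Control": "no-store"},
}

if __name__ == "__main__":
    for path, hdrs in SAMPLES.items():
        print(path, *framing_policy(hdrs))
```

The "/reports" sample is rated weak even though it also sends X-Frame-Options: DENY, because a permissive frame-ancestors directive is the policy a supporting browser enforces.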
Evidence notes
Primary evidence comes from the NVD record and the IBM PSIRT vendor advisory reference. The NVD entry states the issue is a cross-frame scripting problem caused by insufficient HTML iframe protection and lists the affected IBM InfoSphere Information Server versions. The record also includes CVSS 3.0 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N and CWE-79. The IBM advisory reference is cited in NVD as a Patch/Vendor Advisory source. Publication date used here is the CVE publishedAt timestamp of 2017-02-01T20:59:01.473Z; the later modified timestamp is not treated as the issue date.
Official resources
- CVE-2016-5984 CVE record: CVE.org
- CVE-2016-5984 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
CVE published: 2017-02-01T20:59:01.473Z. This debrief uses the CVE publication timestamp as the disclosure date context and does not use the 2026 modified timestamp as the issue date.