4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-site scripting in Oauth
CVE ID**:** CVE-2013-6738
DESCRIPTION:
OAuth /authorize endpoint will return an invalid query param in the response. This allows a script to be injected in the response.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Any customer using version 1.1 should call IBM Support for guidance.
IBM SmartCloud Analytics LogAnalysis v1.1 and v1.2
IBM SmartCloud Analytics LogAnalysis 1.2.0.0-CSI-SCALA-IF0003 APAR ID - IV57425
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm smartcloud analytics | eq | 1.2.0 |