IBM244B154AD00659FCDC8D1CED2DE51F2FE7C432AA0BD97ACA46326B2A9B727278Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-40748)
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
19.8%
Summary
IBM InfoSphere Information Server is vulnerable to cross-site scripting.
Vulnerability Details
CVEID:CVE-2022-40748
**DESCRIPTION:**IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236586 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| InfoSphere Information Server | 11.7 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| InfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | DT148825 | --Apply IBM InfoSphere Information Server version 11.7.1.0 |
| --Apply IBM InfoSphere Information Server version 11.7.1.3 | |||
| --Apply Information Server 11.7.1.3 Service pack 4 |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| infosphere information server | eq | 11.7 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
19.8%