Lucene search

IBM270C08C9A7B4D95C101926FB4898BE886C19EAC58B2D2EAF7EF22C0C444EE7C2

HistoryJun 20, 2024 - 8:46 a.m.

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2019-11358)

2024-06-2008:46:45

www.ibm.com

ibm decision optimization

cloud pak for data

vulnerability

remote attacker

cve-2020-23064

jquery

cross-site scripting

cvss

upgrade

security bulletin

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Summary

There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2020-23064
**DESCRIPTION:**jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the element. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259074 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Decision Optimization for Cloud Pak for Data	All

Remediation/Fixes

Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 5.0 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcloud_pak_for_dataMatchany

CPENameOperatorVersion
decision optimization for cloud pak for dataeqany

CPE	Name	Operator	Version
	decision optimization for cloud pak for data	eq	any

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for 270C08C9A7B4D95C101926FB4898BE886C19EAC58B2D2EAF7EF22C0C444EE7C2