5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
There is a potential cross-site scripting vulnerability in the Admin Console of IBM WebSphere Application Server that is used by IBM Tivoli Netcool Configuration Manager (ITNCM).
CVEID: CVE-2017-1121
DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121173 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
The following releases are affected:
ITNCM 6.4.2.0 - 6.4.2.4
ITNCM 6.4.1.0 - 6.4.1.4
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
ITNCM| 6.4.2.4| none| For WebSphere Application Server Traditional V8.5.5, install the relevant interim fix detailed at Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)
ITNCM| 6.4.1.4| none| Install interim fix: 6.4.1.4-TIV-ITNCM-IF006
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli netcool configuration manager | eq | 6.4.1 | |
tivoli netcool configuration manager | eq | 6.4.2 |
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N