IBM7FCADA84AFC9BCE9A090B13AE6C73CC73A9229040EB83775B5E3792845476441Security Bulletin: IBM Streams is potentially affected by a vulnerability caused by parsing text in the Web Console
0.001 Low
EPSS
Percentile
25.4%
Summary
The IBM Streams Web console is potentially vulnerable to cross-site scripting and other related attacks. IBM Streams has addressed the applicable CVE.
Vulnerability Details
CVEID: CVE-2017-1431**
DESCRIPTION:** IBM InfoSphere Streams is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127632 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
The following versions may be impacted:
- IBM Streams Version 4.2.1.1 and earlier
- IBM InfoSphere Streams Version 4.1.1.4 and earlier
- IBM InfoSphere Streams Version 4.0.1.4 and earlier
Remediation/Fixes
NOTE: Fix Packs are available on IBM Fix Central.
To remediate/fix this issue, follow the instructions below:
- Version 4.2.x: Apply 4.2.1 Fix Pack 2 (4.2.1.2) or higher.
- Version 4.1.x: Apply 4.1.1 Fix Pack 5 (4.1.1.5) or higher.
- Version 4.0.x: Apply 4.0.1 Fix Pack 5 (4.0.1.5) or higher.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm streams | eq | 4.0 | |
| ibm streams | eq | 4.0.1 | |
| ibm streams | eq | 4.1 | |
| ibm streams | eq | 4.1.1 | |
| ibm streams | eq | 4.2 | |
| ibm streams | eq | 4.2.1 | |
| ibm streams | eq | any |
Related
0.001 Low
EPSS
Percentile
25.4%