Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2019-11358)

Summary

There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2019-11358
**DESCRIPTION:**jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159633 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 5.0 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data

Workarounds and Mitigations

None