Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9EB94D20553173042BE5382D9FA19B26AED576B6A644838D6147610FC259E165
HistoryOct 29, 2021 - 9:22 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494)

2021-10-2921:22:39
www.ibm.com
9

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

77.3%

JSON

Summary

A vulnerability in Dojo Toolkit that is used by IBM InfoSphere Information Server was addressed.

Vulnerability Details

CVEID:CVE-2018-15494
**DESCRIPTION:**Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Server, Information Server on Cloud 11.7 JR63846
--Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply IBM InfoSphere Information Server version 11.7.1.3

Workarounds and Mitigations

None

CPENameOperatorVersion
infosphere information servereq11.7

Related

ibm 30
prion 1
debiancve 1
debian 1
packetstorm 1
github 1
redhatcve 1
openvas 1
ubuntucve 1
veracode 1
osv 3
cve 1
nessus 1
zdt 1
ibm
ibm
Security Bulletin: Vulnerability in Dojo may affect IBM CΓΊram Social Program Management (CVE-2018-15494)
2021-11-25 17:06:40
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
2019-08-02 11:45:20
Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
2019-10-28 16:29:00
prion
prion
Sql injection
2018-08-18 02:29:00
debiancve
debiancve
CVE-2018-15494
2018-08-18 02:29:00
debian
debian
[SECURITY] [DLA 1492-1] dojo security update
2018-09-03 08:06:10
packetstorm
packetstorm
Dojo Toolkit 1.13 Cross Site Scripting
2018-08-27 00:00:00
github
github
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
redhatcve
redhatcve
CVE-2018-15494
2018-08-23 05:54:01
openvas
openvas
Debian: Security Advisory (DLA-1492-1)
2018-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2018-15494
2018-08-18 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-08-20 07:17:16
osv
osv
CVE-2018-15494
2018-08-18 02:29:01
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
dojo - security update
2018-09-03 00:00:00
cve
cve
CVE-2018-15494
2018-08-18 02:29:00
nessus
nessus
Debian DLA-1492-1 : dojo security update
2018-09-04 00:00:00
zdt
zdt
Dojo Toolkit 1.13 Cross Site Scripting Vulnerability
2018-08-28 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

77.3%

JSON
Related for 9EB94D20553173042BE5382D9FA19B26AED576B6A644838D6147610FC259E165
ibm30prion1debiancve1debian1packetstorm1github1redhatcve1openvas1ubuntucve1veracode1osv3cve1nessus1zdt1