History: Aug 13, 2019 - 7:13 p.m.

Security Bulletin: Vulnerability in system log on IBM MQ Appliance WebGUI (CVE-2017-1591)

2019-08-13 19:13:33
www.ibm.com

EPSS: 0.001 (Low), Percentile: 43.2%

Summary

A potential cross-site scripting vulnerability exists in the IBM MQ Appliance system log. IBM has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2017-1591
DESCRIPTION: IBM WebSphere DataPower Appliances 7.0.0 through 7.6 and IBM MQ Appliances are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132368 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM MQ Appliance 8.0

Maintenance levels between 8.0.0.0 and 8.0.0.7

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Continuous delivery updates between 9.0.1 and 9.0.3

Remediation/Fixes

IBM MQ Appliance 8.0

Apply fixpack 8.0.0.8

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Apply Continuous Delivery Release 9.0.4
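
One way to apply the affected ranges and fixes above to an inventory of appliance firmware levels. This is an added example, not part of IBM's bulletin: the hostnames and inventory are constructed, the range bounds are assumed to be inclusive, and `parse_version`, `triage` and `triage_inventory` are hypothetical helper names.

```python
import re

# Ranges and fixes as stated in the bulletin; bounds treated as inclusive (assumption).
# The 8.0 range is matched on four components, the 9.0.x CD range on three.
BULLETIN_RANGES = [
    ((8, 0, 0, 0), (8, 0, 0, 7), "Apply fixpack 8.0.0.8"),
    ((9, 0, 1), (9, 0, 3), "Apply Continuous Delivery Release 9.0.4"),
]

def parse_version(text):
    """Return a 4-part integer tuple, padding short versions with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version_text):
    """Return (status, fix); status is 'affected', 'not listed' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return ("unparseable", None)
    for low, high, fix in BULLETIN_RANGES:
        # Compare only as many components as the bulletin's range specifies.
        if low <= version[:len(low)] <= high:
            return ("affected", fix)
    # The bulletin is silent on other levels, so report "not listed"
    # rather than claiming they are unaffected.
    return ("not listed", None)

def triage_inventory(inventory):
    """Map each host to its (status, fix) result."""
    return {host: triage(version) for host, version in inventory.items()}

# Constructed sample inventory: hostname -> reported firmware level.
SAMPLE_INVENTORY = {
    "mqa-prod-01": "8.0.0.5",
    "mqa-prod-02": "8.0.0.8",
    "mqa-test-01": "9.0.2",
    "mqa-test-02": "9.0.4",
    "mqa-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, (status, fix) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" -> {fix}" if fix else ""))
```

Levels reported as "unparseable" need a manual check against the ranges above.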

Workarounds and Mitigations

None
