A potential cross-site scripting vulnerability exists in the IBM MQ Appliance system log. IBM has addressed the applicable CVE.
CVEID:CVE-2017-1591
**DESCRIPTION:*IBM WebSphere DataPower Appliances 7.0.0 through 7.6 and IBM MQ Appliances are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132368 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM MQ Appliance 8.0
Maintenance levels between 8.0.0.0 and 8.0.0.7
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates between 9.0.1 and 9.0.3
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.8
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Apply Continuous Delivery Release 9.0.4
None