Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB32575F43F0C7C8A19D29087C1F5ED02C42CB3C9C07BA541EAE33916454EC4A7
HistoryApr 04, 2019 - 2:55 p.m.

Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)

2019-04-0414:55:02
www.ibm.com
10

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2019-8331 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157409&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM API Connect version 2018.1-2018.4.1.3

Remediation/Fixes

Affected Product Addressed in VRMF APAR Remediation/First Fix

IBM API Connect

V2018.1 - 2018.4.1.3

| 2018.4.1.4 fixpack |

LI80764

|

Addressed in IBM API Connect v2018.4.1.4 fixpack.

Follow this link and find the appropriate 2018.4.1.4 portal package suitable for the form factor of your installation.

[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&amp;product=ibm/WebSphere/IBM+API+Connect&amp;release=2018.4.1.3&amp;platform=All&amp;function=all&amp;source=fc](< http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.3&platform=All&function=all&source=fc&gt;)

Workarounds and Mitigations

None

Related

typo3 1
cve 2
f5 1
github 3
gitlab 1
redhat 15
githubexploit 1
redhatcve 1
prion 2
veracode 1
osv 5
debiancve 1
ubuntucve 1
hackerone 2
nodejs 1
nessus 30
ibm 18
freebsd 1
laminas 1
openvas 1
jvn 1
ics 1
oraclelinux 3
centos 1
almalinux 2
rocky 2
amazon 1
oracle 1
typo3
typo3
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
2019-05-07 00:00:00
cve
cve
CVE-2019-8331
2019-02-20 16:29:00
CVE-2023-32711
2023-06-01 17:15:10
f5
f5
K24383845 : Bootstrap vulnerability CVE-2019-8331
2019-04-10 00:00:00
github
github
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
2019-02-22 20:54:40
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
2019-02-22 20:54:27
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-02-20 00:00:00
redhat
redhat
(RHSA-2022:8865) Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update
2022-12-07 20:09:53
(RHSA-2022:8848) Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update
2022-12-07 19:00:35
(RHSA-2019:3024) Moderate: ovirt-web-ui security and bug fix update
2019-10-10 14:49:46
githubexploit
githubexploit
Exploit for Cross-site Scripting in Getbootstrap Bootstrap
2020-12-01 09:18:58
redhatcve
redhatcve
CVE-2019-8331
2020-01-04 09:44:24
prion
prion
Design/Logic Flaw
2019-02-20 16:29:00
Cross site scripting
2023-06-01 17:15:00
veracode
veracode
Cross-site Scripting (XSS)
2019-02-14 08:50:01
osv
osv
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
CVE-2019-8331
2019-02-20 16:29:00
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
debiancve
debiancve
CVE-2019-8331
2019-02-20 16:29:00
ubuntucve
ubuntucve
CVE-2019-8331
2019-02-20 00:00:00
hackerone
hackerone
Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation
2021-06-05 15:52:39
Sifchain: Vulnerable javascript dependency at Main domain
2021-05-07 20:48:11
nodejs
nodejs
Cross-Site Scripting
2019-05-22 18:03:13
nessus
nessus
RHEL 8 : Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) (RHSA-2022:8848)
2023-01-23 00:00:00
F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)
2019-12-31 00:00:00
FreeBSD : mantis -- multiple vulnerabilities (81fcc2f9-e15a-11e9-abbf-800dd28b22bd)
2019-09-30 00:00:00
ibm
ibm
Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358)
2020-04-07 16:23:23
Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation
2022-03-02 16:40:15
Security Bulletin: Multiple security vulnerabilities in bootstrap.js may affect IBM Business Automation Workflow
2023-06-05 20:05:15
freebsd
freebsd
mantis -- multiple vulnerabilities
2019-08-28 00:00:00
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
openvas
openvas
Pi-hole Web Interface < 5.0 Multiple Vulnerabilities
2020-05-12 00:00:00
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
oraclelinux
oraclelinux
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for B32575F43F0C7C8A19D29087C1F5ED02C42CB3C9C07BA541EAE33916454EC4A7
typo31cve2f51github3gitlab1redhat15githubexploit1redhatcve1prion2veracode1osv5debiancve1ubuntucve1hackerone2nodejs1nessus30ibm18freebsd1laminas1openvas1jvn1ics1oraclelinux3centos1almalinux2rocky2amazon1oracle1