Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2018-1706) affects IBM Spectrum Symphony 7.2.0.2
CVEID: CVE-2018-1706 DESCRIPTION: IBM Platform Symphony is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146341> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM Spectrum Symphony 7.2.0.2
The fixes can be downloaded from IBM Fix Central:
sym-7.2.0.2-build495568:
http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build495568&includeSupersedes=0
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum symphony | eq | any |