Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB6D00124300BF2A156760B2727245A98C50567CA9268FBED9CFB102C3F92D101
HistoryJun 08, 2020 - 9:18 p.m.

Security Bulletin: Vulnerability in Dojo Toolkit affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

2020-06-0821:18:28
www.ibm.com
13

EPSS

0.005

Percentile

77.0%

JSON

Summary

Unescaped string injection in dojox/Grid/DataGrid is affecting some of the Watson Knowledge Catalog for IBM Cloud Pak for Data web UIs.

Vulnerability Details

CVEID:CVE-2018-15494
**DESCRIPTION:**Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Data 2.5

Remediation/Fixes

Install wkc-patch-3.0.0.6 for IBM Cloud Pak for Data.

See <https://www.ibm.com/support/pages/node/5693666&gt; for details.

Workarounds and Mitigations

None.

Related

openvas 1
ubuntucve 1
ibm 31
redhatcve 1
cvelist 1
prion 1
debiancve 1
debian 1
nvd 1
veracode 1
osv 3
cve 1
nessus 1
zdt 1
github 1
packetstorm 1
openvas
openvas
Debian: Security Advisory (DLA-1492-1)
2018-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2018-15494
2018-08-18 00:00:00
ibm
ibm
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
2019-10-28 16:30:15
Security Bulletin: Vulnerability in Dojo may affect IBM CΓΊram Social Program Management (CVE-2018-15494)
2021-11-25 17:06:40
Security Bulletin: XSS vulerability in Dojo affects IBM Tivoli Business Service Manager (CVE-2018-15494)
2021-11-05 21:06:45
redhatcve
redhatcve
CVE-2018-15494
2018-08-23 05:54:01
cvelist
cvelist
CVE-2018-15494
2018-08-18 02:00:00
prion
prion
Sql injection
2018-08-18 02:29:00
debiancve
debiancve
CVE-2018-15494
2018-08-18 02:29:01
debian
debian
[SECURITY] [DLA 1492-1] dojo security update
2018-09-03 08:06:10
nvd
nvd
CVE-2018-15494
2018-08-18 02:29:01
veracode
veracode
Cross-Site Scripting (XSS)
2018-08-20 07:17:16
osv
osv
CVE-2018-15494
2018-08-18 02:29:01
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
dojo - security update
2018-09-03 00:00:00
cve
cve
CVE-2018-15494
2018-08-18 02:29:01
nessus
nessus
Debian DLA-1492-1 : dojo security update
2018-09-04 00:00:00
zdt
zdt
Dojo Toolkit 1.13 Cross Site Scripting Vulnerability
2018-08-28 00:00:00
github
github
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
packetstorm
packetstorm
Dojo Toolkit 1.13 Cross Site Scripting
2018-08-27 00:00:00

EPSS

0.005

Percentile

77.0%

JSON
Related for B6D00124300BF2A156760B2727245A98C50567CA9268FBED9CFB102C3F92D101
openvas1ubuntucve1ibm31redhatcve1cvelist1prion1debiancve1debian1nvd1veracode1osv3cve1nessus1zdt1github1packetstorm1