Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667)

Summary

IBM MQ Appliance has addressed the following cross-site scripting vulnerability.

Vulnerability Details

CVEID:CVE-2018-1667
**DESCRIPTION:*IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144893&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates 9.0.1 and 9.0.5

IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance level 9.1.0.0

Remediation/Fixes

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Apply 9.1.0.1 Long Term Support (LTS) Release or 9.1.1 Continuous Delivery Release, or later.

IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply fixpack 9.1.0.1 or later

Workarounds and Mitigations

None