IBM MQ Appliance has addressed the following cross-site scripting vulnerability.
CVEID:CVE-2018-1667
**DESCRIPTION:*IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144893> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates 9.0.1 and 9.0.5
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance level 9.1.0.0
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Apply 9.1.0.1 Long Term Support (LTS) Release or 9.1.1 Continuous Delivery Release, or later.
IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Apply fixpack 9.1.0.1 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | any |