Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC47B44B615D14BE27B6F5D8613AC23C62E6F05829037C175F1A2FE0338775DE6
HistoryOct 09, 2020 - 7:36 p.m.

Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTML injection.

2020-10-0919:36:12
www.ibm.com
6

5.2 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

JSON

Summary

An HTML injection vulnerability was addressed in IBM InfoSphere Information Server.

Vulnerability Details

CVEID:CVE-2020-4740
**DESCRIPTION:**IBM InfoSphere Information Server is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.
CVSS Base score: 5.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188150 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7
InfoSphere Information Server 11.5

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Server, Information Server on Cloud 11.7 JR62780 --Apply IBM InfoSphere Information Server version 11.7.1.0

--Apply IBM InfoSphere Information Server version 11.7.1.1
or for Red Hat 8 installations
--Apply IBM InfoSphere Information Server version 11.7.1.2

InfoSphere Information Server, Information Server on Cloud | 11.5 | JR62780 | --Upgrade to version 11.7

Workarounds and Mitigations

None

Related

cve 1
prion 1
ibm 1
cve
cve
CVE-2020-4740
2020-10-12 14:15:00
prion
prion
Design/Logic Flaw
2020-10-12 14:15:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager
2020-12-16 21:27:29

5.2 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

JSON
Related for C47B44B615D14BE27B6F5D8613AC23C62E6F05829037C175F1A2FE0338775DE6
cve1prion1ibm1