Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCDECD4BC19BFC4FE475ED114CE9688C70CB17B0437666AF410F08858914C7B18
HistoryJun 16, 2018 - 1:48 p.m.

Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Site Scripting (XSS)

2018-06-1613:48:37
www.ibm.com
10

EPSS

0.001

Percentile

44.0%

JSON

Summary

IBM InfoSphere Information Server Framework is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Vulnerability Details

CVEID: CVE-2017-1321**
DESCRIPTION:** IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125916 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM Information Server Framework: versions 9.1, 11.3, and 11.5
IBM InfoSphere Information Server on Cloud version 11.5

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud| 11.5| JR57830| --Apply IBM InfoSphere Information Server version 11.5.0.2
--Apply IBM InfoSphere Information Server Framework Security patch
InfoSphere Information Server| 11.3| JR57830| --Apply IBM InfoSphere Information Server version _11.3.1.2 _
--Apply IBM InfoSphere Information Server Framework Security patch
InfoSphere Information Server| 9.1| JR57830| --Apply IBM InfoSphere Information Server version 9.1.2.0
--Apply IBM InfoSphere Information Server Framework Security patch

Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None

Related

cvelist 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2017-1321
2017-07-12 17:00:00
cve
cve
CVE-2017-1321
2017-07-12 17:29:00
prion
prion
Cross site scripting
2017-07-12 17:29:00
nvd
nvd
CVE-2017-1321
2017-07-12 17:29:00

EPSS

0.001

Percentile

44.0%

JSON
Related for CDECD4BC19BFC4FE475ED114CE9688C70CB17B0437666AF410F08858914C7B18
cvelist1cve1prion1nvd1