Jul 18, 2020 - 11:17 p.m.

Security Bulletin: BigInsights is affected by multiple vulnerabilities in BigSheets and Data Server Manager (CVE-2017-1552, CVE-2017-1553, CVE-2017-1554)

2020-07-18 23:17:55
www.ibm.com

EPSS: 0.001 (Low)
Percentile: 32.0%

Summary

BigInsights is affected by multiple UI vulnerabilities in BigSheets and Data Server Manager (DSM).

Vulnerability Details

CVEID: CVE-2017-1552
DESCRIPTION: IBM Infosphere BigInsights is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131396 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1553
DESCRIPTION: IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131397 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1554
DESCRIPTION: IBM Infosphere BigInsights could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131398 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

BigInsights 4.2, 4.2.5

Remediation/Fixes

Please contact technical support to obtain fix and install instructions.
