Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFC7715B7C134B7129D3BD74A5409C64698ED939A984C76BB630711FFDD627DAA
HistoryOct 29, 2021 - 10:09 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Marked (CVE-2017-1000427)

2021-10-2922:09:43
www.ibm.com
9

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Summary

Marked is used by a third party component that is used in IBM InfoSphere Information Server. A vulnerability in Marked was addressed.

Vulnerability Details

CVEID:CVE-2017-1000427
**DESCRIPTION:**Marked is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data: URI parser. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/137243 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Server, Information Server on Cloud 11.7 JR63876
--Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply IBM InfoSphere Information Server version 11.7.1.3

Workarounds and Mitigations

None

CPENameOperatorVersion
infosphere information servereq11.7

Related

osv 2
cvelist 1
ubuntucve 1
debiancve 1
github 1
veracode 1
cve 1
prion 1
nessus 2
fedora 2
openvas 2
ibm 2
osv
osv
Marked vulnerable to XSS from data URIs
2018-01-04 21:04:19
CVE-2017-1000427
2018-01-02 23:29:00
cvelist
cvelist
CVE-2017-1000427
2018-01-02 23:00:00
ubuntucve
ubuntucve
CVE-2017-1000427
2018-01-02 00:00:00
debiancve
debiancve
CVE-2017-1000427
2018-01-02 23:29:00
github
github
Marked vulnerable to XSS from data URIs
2018-01-04 21:04:19
veracode
veracode
Cross-site Scripting (XSS)
2017-01-27 04:09:58
cve
cve
CVE-2017-1000427
2018-01-02 23:29:00
prion
prion
Design/Logic Flaw
2018-01-02 23:29:00
nessus
nessus
Fedora 32 : marked (2020-d714c08261)
2020-06-04 00:00:00
Fedora 31 : marked (2020-5eca570e16)
2020-06-01 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: marked-1.1.0-3.fc32
2020-05-31 03:31:34
[SECURITY] Fedora 31 Update: marked-1.1.0-3.fc31
2020-05-31 03:58:57
openvas
openvas
Fedora: Security Advisory for marked (FEDORA-2020-5eca570e16)
2020-06-07 00:00:00
Fedora: Security Advisory for marked (FEDORA-2020-d714c08261)
2020-06-07 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Drupal dated modernizr library
2021-08-25 14:41:22
Security Bulletin: Multiple vulnerabilities in WebSphere Service Registry and Repository in packages such as Apache Struts and Node.js
2022-03-22 16:08:59

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON
Related for FC7715B7C134B7129D3BD74A5409C64698ED939A984C76BB630711FFDD627DAA
osv2cvelist1ubuntucve1debiancve1github1veracode1cve1prion1nessus2fedora2openvas2ibm2