Cross site scripting

2017-11-0121:29:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396.

CPENameOperatorVersion
infosphere_biginsightseq4.2.5
infosphere_biginsightseq4.2.0

CPE	Name	Operator	Version
	infosphere_biginsights	eq	4.2.5
	infosphere_biginsights	eq	4.2.0

References

www.ibm.com/support/docview.wss?uid=swg22009192

www.securityfocus.com/bid/101588

exchange.xforce.ibmcloud.com/vulnerabilities/131396