Security Bulletin: Vulnerabilities affect IBM InfoSphere BigInsights Web console (CVE-2016-2924, CVE-2016-2992 )

Summary Cross-site scripting vulnerabilities in Data Server Manager affect IBM InfoSphere BigInsights Web console and user-supplied input Vulnerability Details CVEID: CVE-2016-2924 DESCRIPTION: IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of...

CVE-2016-2992

IBM InfoSphere BigInsights Web Console is vulnerable to Cross‑Site Scripting (CVE-2016-2992) due to improper validation of user input in the Web UI. The related IBM advisory also covers CVE-2016-2924. Affected product: IBM InfoSphere BigInsights 4.2; vulnerability allows an attacker to embed arbi...