Vulnerability CVE-2017-1321


Published: 2017-07-12   Modified: 2017-07-17

Description:
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.

Vendor: IBM
Product: Infosphere information server 
Version:
9.1
11.5
11.3

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.ibm.com/support/docview.wss?uid=swg22004729
http://www.securityfocus.com/bid/99537
https://exchange.xforce.ibmcloud.com/vulnerabilities/125916

Related CVE
CVE-2017-1374
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.
CVE-2017-1381
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
CVE-2017-1371
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
CVE-2017-1372
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
CVE-2017-1373
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
CVE-2017-1267
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.
CVE-2017-1309
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.
CVE-2017-1223
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL di...

Copyright 2017, cxsecurity.com