InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in qirks mode thereby facilitating an attacker to inject malicious CSS.
CVE(s): CVE-2016-8999
Affected product(s) and affected version(s):
The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 8.7, 9.1, 11.3, and 11.5
IBM InfoSphere DataStage: versions 8.7, 9.1, 11.3, and 11.5
IBM InfoSphere Information Server on Cloud: version 11.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iVOBT5
X-Force Database: http://ift.tt/2iURtNN
from IBM Product Security Incident Response Team http://ift.tt/2iVHIB6
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.