IBM InfoSphere Information Server Framework is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE(s): CVE-2017-1321
Affected product(s) and affected version(s):
The following product, running on all supported platforms, is affected:
IBM Information Server Framework: versions 9.1, 11.3, and 11.5
IBM InfoSphere Information Server on Cloud version 11.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2tJtjv6
X-Force Database: http://ift.tt/2sZZIQV
The post IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Site Scripting (XSS) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2tJ5XpE
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.