Thursday, September 28, 2017

IBM Security Bulletin: IBM Insights Foundation for Energy has vulnerabilities to SQL injection and cross-site scripting


IBM Insights Foundation for Energy is vulnerable to SQL injection (CVE-2017-1311). A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Insights Foundation for Energy is vulnerable to cross-site scripting (CVE-2017-1311). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This interim fix closes both vulnerabilities.

CVE(s): CVE-2017-1311, CVE-2017-1345

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of Insights Foundation for Energy:

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fsa7vu
X-Force Database: http://ift.tt/2wXkMcX
X-Force Database: http://ift.tt/2fsa8zy



from IBM Product Security Incident Response Team http://ift.tt/2wXkMJZ
