Sep 28, 2017 10:00 am EDT
Categorized: Medium Severity
IBM Insights Foundation for Energy is vulnerable to SQL injection (CVE-2017-1311). A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Insights Foundation for Energy is vulnerable to cross-site scripting (CVE-2017-1311). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This interim fix closes both vulnerabilities.
CVE(s): CVE-2017-1311, CVE-2017-1345
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of Insights Foundation for Energy:
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fsa7vu
X-Force Database: http://ift.tt/2wXkMcX
X-Force Database: http://ift.tt/2fsa8zy
from IBM Product Security Incident Response Team http://ift.tt/2wXkMJZ