Fabric OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE(s): CVE-2017-6225
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1012113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138944
The post IBM Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225. appeared first on IBM PSIRT Blog.
| Affected IBM b-type Network/Storage switches | Affected Versions |
| IBM FOS Firmware | 7.X prior to 7.4.2b |
| IBM FOS Firmware | 8.X prior to 8.1.2a |
from IBM Product Security Incident Response Team http://ift.tt/2EIc7Lp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.