jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM Performance Management has addressed the applicable CVE.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Cloud APM, Base Private | 8.1.4 |
| IBM Cloud APM, Advanced Private | 8.1.4 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6173889
The post Security Bulletin: A vulnerability in jQuery affects the IBM Performance Management product (CVE-2019-11358) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/3bm1yO8
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.