Cross-Site Scripting Vulnerability in IBM InfoSphere Guardium Products
CVE-2012-3341

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Guardium
Vendor: CVE Published:; 1 September 2020

Summary

IBM InfoSphere Guardium versions 7.0 to 8.2 are susceptible to a cross-site scripting vulnerability due to inadequate validation of user input. This allows remote attackers to craft malicious URLs that can execute scripts in the web browsers of unsuspecting users. When victims click these links, attackers could potentially gain access to cookie-based authentication credentials, leading to unauthorized actions within the affected web environment. For more information, refer to IBM's support documentation and X-Force ID 78294.

Affected Version(s)

InfoSphere Guardium 7.00

InfoSphere Guardium 8.0

InfoSphere Guardium 8.01

References

http://www-01.ibm.com/support/docview.wss?uid=swg21611131

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/78294

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 1, 2020
Vulnerability Reserved
Jun 7, 2012