Cross-Site Scripting Vulnerability in IBM SmartCloud Analytics Log Analysis
CVE-2013-6738

Currently unrated

Key Information:

Vendor: IBM
Status: Smartcloud Analytics Log Analysis
Vendor: CVE Published:; 24 April 2014

Summary

The vulnerability in IBM SmartCloud Analytics Log Analysis allows attackers to exploit an improper query parameter handling in the OAuth authorization endpoint. This flaw can result in the injection of arbitrary web scripts or HTML, enabling unauthorized access to sensitive information or control over user sessions. Users are encouraged to upgrade to version 1.2.0.0-CSI-SCALA-IF0003 or later to mitigate potential risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/89854

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21669137

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 24, 2014
Vulnerability Reserved
Nov 8, 2013