HTML Injection Vulnerability in IBM BigFix Compliance
CVE-2017-1202

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
5 February 2019

Summary

IBM BigFix Compliance versions 1.7 through 1.9.91 are susceptible to a security flaw that allows remote attackers to inject malicious HTML code. When an unsuspecting user views this injected content, the HTML executes within their web browser under the security permissions of the affected site. This vulnerability poses a risk as it can be exploited to deliver harmful scripts and compromise user data.

Affected Version(s)

BigFix Compliance 1.7

BigFix Compliance 1.9.91

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.