Cross-Site Scripting Vulnerability in IBM Tivoli Endpoint Manager
CVE-2017-1203

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Bigfix Family
Vendor
CVE Published:
19 July 2017

Summary

The IBM Tivoli Endpoint Manager platform and applications suffer from a cross-site scripting flaw. This vulnerability enables attackers to inject arbitrary JavaScript code through the Web UI, potentially compromising the functionality of the platform. Users in a trusted session may inadvertently disclose their credentials, leading to unauthorized access and data breaches. Organizations utilizing this software must prioritize mitigating this risk to safeguard their sensitive information.

Affected Version(s)

BigFix family 9.1

BigFix family 9.2

BigFix family 9.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123678
x_refsource_MISC
http://www.securityfocus.com/bid/99916
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22006014
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.