Cross-Site Scripting Vulnerability in IBM WebSphere Portal
CVE-2017-1217

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Portal
Vendor
CVE Published:
28 June 2017

Summary

IBM WebSphere Portal versions 8.5 and 9.0 exhibit a vulnerability that allows cross-site scripting (XSS) attacks. This security flaw enables attackers to inject arbitrary JavaScript code into the Web UI, which could manipulate the application's intended behavior. Consequently, this may lead to the unauthorized disclosure of user credentials during a trusted session. Proper mechanisms should be put in place to prevent such vulnerabilities and protect sensitive information.

Affected Version(s)

WebSphere Portal 8.5

WebSphere Portal 9.0

References

http://www.securitytracker.com/id/1038797
vdb-entryx_refsource_SECTRACK
http://www.ibm.com/support/docview.wss?uid=swg22004348
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/123857
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.