Cross-Site Scripting Vulnerability in IBM iNotes
CVE-2017-1327

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Inotes
Vendor
CVE Published:
3 August 2017

Summary

IBM iNotes versions 8.5 and 9.0 are subject to a cross-site scripting vulnerability that allows attackers to insert arbitrary JavaScript code into the Web UI. This exploitation can enable unauthorized actions and lead to the disclosure of user credentials within an active session. Ensuring the application is updated and employing additional security measures can mitigate risks associated with this vulnerability.

Affected Version(s)

iNotes 9.0

iNotes 8.5.3

iNotes 8.5.2

References

http://www.ibm.com/support/docview.wss?uid=swg22003664
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/126062
x_refsource_MISC
http://www.securityfocus.com/bid/100139
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.