Cross-Site Scripting Vulnerability in IBM Insights Foundation for Energy
CVE-2017-1345

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Insights Foundation For Energy
Vendor: CVE Published:; 3 October 2017

Summary

IBM Insights Foundation for Energy version 2.0 contains a vulnerability that allows for cross-site scripting (XSS) attacks. This flaw permits attackers to inject arbitrary JavaScript into the Web UI. If exploited, this XSS vulnerability could allow unauthorized access to user credentials and session information, potentially compromising the integrity of trusted sessions. This underscores the importance of securing user input and sanitizing data to prevent such attacks. For more technical details, refer to IBM's official documentation and their X-Force database.

Affected Version(s)

Insights Foundation for Energy 2.0

References

http://www.ibm.com/support/docview.wss?uid=swg22009039

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/126460

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Nov 30, 2016