Cross-Site Scripting Vulnerability in IBM Atlas eDiscovery Process Management
CVE-2017-1354

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Atlas Ediscovery Process Management
Vendor: CVE Published:; 7 December 2017

Summary

IBM Atlas eDiscovery Process Management version 6.0.3 is affected by a vulnerability that enables cross-site scripting attacks. This flaw allows attackers to inject malicious JavaScript code into the web interface. If exploited, it can lead to unauthorized access and manipulation of sensitive information within a trusted session, potentially compromising user credentials. Users of this product should apply the latest security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Atlas eDiscovery Process Management 6.0.3

Atlas eDiscovery Process Management 6.0.3.2

Atlas eDiscovery Process Management 6.0.3.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/126681

x_refsource_MISC

https://www.ibm.com/support/docview.wss?uid=swg22005828

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2017
Vulnerability Reserved
Nov 30, 2016