Cross-Site Scripting Vulnerability in IBM InfoSphere Streams
CVE-2017-1431

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Streams
Vendor
CVE Published:
8 August 2017

Summary

IBM InfoSphere Streams versions 4.0, 4.1, and 4.2 are susceptible to a cross-site scripting vulnerability. This flaw allows an attacker to embed arbitrary JavaScript code in the web user interface, which could modify the intended functionality of the application. Exploitation of this vulnerability could potentially result in the disclosure of sensitive information, such as user credentials, during trusted sessions. Effective security measures should be implemented to mitigate the risks associated with this vulnerability.

Affected Version(s)

Streams 4.0

Streams 4.0.1

Streams 4.1

References

http://www.securityfocus.com/bid/100253
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/127632
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22006827
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.