Cross-Site Scripting Vulnerability in IBM Tivoli Endpoint Manager Products
CVE-2017-1521

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Bigfix Platform
Vendor
CVE Published:
26 October 2017

Summary

IBM Tivoli Endpoint Manager, including IBM BigFix Platforms 9.2 and 9.5, is susceptible to a Cross-Site Scripting vulnerability that permits malicious users to inject arbitrary JavaScript into the Web UI. This exploitation can disrupt the application's intended functionality and potentially lead to the disclosure of sensitive information, including user credentials, while operating within a trusted session. To safeguard against this vulnerability, it is crucial to implement the recommended security updates and adhere to best practices for web application security.

References

http://www.securityfocus.com/bid/101571
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22009673
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/129831
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.