Cross-Site Scripting Vulnerability in IBM Tivoli Endpoint Manager Products
CVE-2017-1521
6.1 MEDIUM
Summary
IBM Tivoli Endpoint Manager, including IBM BigFix Platforms 9.2 and 9.5, is susceptible to a Cross-Site Scripting vulnerability that permits malicious users to inject arbitrary JavaScript into the Web UI. Because the injected script runs within a trusted session, exploitation can disrupt the application's intended functionality and potentially lead to the disclosure of sensitive information, including user credentials. To safeguard against this vulnerability, it is crucial to implement the recommended security updates and adhere to best practices for web application security.
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved