Cross-Site Scripting Vulnerability in IBM Tivoli Endpoint Manager Products
CVE-2017-1521

6.1MEDIUM

Key Information:

Vendor

IBM
Status
Bigfix Platform
Vendor
CVE Published:
26 October 2017

What is CVE-2017-1521?

IBM Tivoli Endpoint Manager, including IBM BigFix Platforms 9.2 and 9.5, is susceptible to a Cross-Site Scripting vulnerability that permits malicious users to inject arbitrary JavaScript into the Web UI. This exploitation can disrupt the application's intended functionality and potentially lead to the disclosure of sensitive information, including user credentials, while operating within a trusted session. To safeguard against this vulnerability, it is crucial to implement the recommended security updates and adhere to best practices for web application security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/101571
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22009673
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/129831
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.