Cross-Site Scripting Vulnerability in IBM Infosphere BigInsights
CVE-2017-1553

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Biginsights
Vendor
CVE Published:
1 November 2017

Summary

IBM Infosphere BigInsights versions 4.2.0 and 4.2.5 are affected by a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code into the Web UI. This security flaw can compromise user sessions, allowing unauthorized access to sensitive information, including credentials, within a trusted environment. As a result, organizations utilizing these versions should implement necessary security measures to mitigate potential exploits.

Affected Version(s)

BigInsights 4.2.0

BigInsights 4.2.5

References

http://www.ibm.com/support/docview.wss?uid=swg22009192
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/131397
x_refsource_MISC
http://www.securityfocus.com/bid/101588
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.