Cross-Site Scripting Vulnerability in IBM Security Guardium Big Data Intelligence
CVE-2018-1376

6.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
29 May 2018

Summary

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 contains a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the application’s Web UI. This can lead to the manipulation of the user interface and unauthorized access to sensitive data, including user credentials, during a trusted session. It is crucial for organizations using this product to apply security patches and updates to mitigate the risk of exposure.

Affected Version(s)

Security Guardium Big Data Intelligence 3.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.