Cross-Site Scripting Vulnerability in IBM WebSphere Portal Products
CVE-2018-1416

6.1MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Portal
Vendor
CVE Published:
27 February 2018

Summary

IBM WebSphere Portal versions 7.0, 8.0, 8.5, and 9.0 have a vulnerability that permits cross-site scripting attacks. This issue enables attackers to inject arbitrary JavaScript into the Web user interface, potentially altering normal functionality and leading to unauthorized disclosure of sensitive user credentials within a trusted session. Organizations using affected versions should assess their exposure and implement security measures to mitigate the risk of exploitation.

Affected Version(s)

WebSphere Portal 7.0

WebSphere Portal 8.0

WebSphere Portal 8.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/138822
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22013706
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103168
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.