Cross-Site Scripting Vulnerability in IBM Application Performance Management
CVE-2018-1441

6.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 14 March 2018

Summary

The vulnerability in IBM Application Performance Management's Response Time Monitoring Agent allows an attacker to inject arbitrary JavaScript code into the Web UI. The injected script can alter the application's intended functionality and can lead to the disclosure of sensitive information, including user credentials, within a trusted session. Proper sanitization of user inputs and stringent content security policies are crucial to mitigate such vulnerabilities.

Affected Version(s)

Monitoring 8.1.3

Monitoring 8.1.4

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
