Cross-Site Scripting Vulnerability in IBM Application Performance Management
CVE-2018-1441

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Monitoring
Vendor: CVE Published:; 14 March 2018

Summary

The vulnerability in IBM Application Performance Management's Response Time Monitoring Agent allows an attacker to inject arbitrary JavaScript code into the Web UI. This can manipulate the application's intended functionality and lead to the potential disclosure of sensitive information, including user credentials, during a trusted session. Proper sanitization of user inputs and stringent content security policies are crucial to mitigate such vulnerabilities.

Affected Version(s)

Monitoring 8.1.3

Monitoring 8.1.4

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/139597

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg22013557

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 14, 2018
Vulnerability Reserved
Dec 13, 2017