Cross-Site Scripting Vulnerability in IBM Application Performance Management
CVE-2018-1441
6.1MEDIUM
Summary
The vulnerability in IBM Application Performance Management's Response Time Monitoring Agent allows an attacker to inject arbitrary JavaScript code into the Web UI. This can manipulate the application's intended functionality and lead to the potential disclosure of sensitive information, including user credentials, during a trusted session. Proper sanitization of user inputs and stringent content security policies are crucial to mitigate such vulnerabilities.
Affected Version(s)
Monitoring 8.1.3
Monitoring 8.1.4
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved