Cross-Site Scripting Vulnerability in IBM WebSphere Portal
CVE-2018-1444

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Websphere Portal
Vendor
CVE Published:
14 March 2018

What is CVE-2018-1444?

IBM WebSphere Portal versions 8.5 and 9.0 are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This can lead to unauthorized actions being executed within a user’s session, potentially compromising sensitive data such as user credentials and undermining the security of the application. For more information, refer to the IBM security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WebSphere Portal 8.5

WebSphere Portal 9.0

References

http://www.securitytracker.com/id/1040475
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/139906
vdb-entryx_refsource_XF
https://www.ibm.com/support/docview.wss?uid=swg22014392
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.