Cross-Site Scripting Vulnerability in IBM BigFix Platform
CVE-2018-1473
6.1MEDIUM
Summary
The IBM BigFix Platform versions 9.2 and 9.5 are susceptible to a cross-site scripting vulnerability. This security flaw enables attackers to inject arbitrary JavaScript code into the Web UI, compromising the integrity of the user experience. Such exploitation could undermine the functionality of the application while potentially disclosing sensitive credentials during an active and trusted session.
Affected Version(s)
BigFix Platform 9.2
BigFix Platform 9.5
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved