Cross-Site Scripting Vulnerability in IBM FileNet Content Manager
CVE-2018-1555

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Filenet P8 Platform
Vendor
CVE Published:
6 July 2018

Summary

IBM FileNet Content Manager versions 5.2.1 and 5.5.0 are susceptible to a cross-site scripting vulnerability. This flaw permits users to inject arbitrary JavaScript into the web interface, potentially compromising the integrity of the application. Exploiting this vulnerability may lead to unauthorized access and disclosure of sensitive information within an authenticated session, posing significant security risks to affected users.

Affected Version(s)

FileNet P8 Platform 5.2.1

FileNet P8 Platform 5.5.0

References

http://www.ibm.com/support/docview.wss?uid=swg22015943
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/142892
vdb-entryx_refsource_XF
http://www.securitytracker.com/id/1041225
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.