Cross-Site Scripting Vulnerability in IBM FileNet Content Manager
CVE-2018-1556

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Filenet P8 Platform
Vendor
CVE Published:
6 July 2018

Summary

The vulnerability in IBM FileNet Content Manager 5.2.1 and 5.5.0 allows for cross-site scripting, enabling attackers to inject arbitrary JavaScript code into the Web UI. This could lead to altered functionality, ultimately risking the disclosure of users' credentials during active sessions. The exposure stems from improper handling of input, which erodes the trust users place in the application interface, making them susceptible to various attacks.

Affected Version(s)

FileNet P8 Platform 5.2.1

FileNet P8 Platform 5.5.0

References

http://www.ibm.com/support/docview.wss?uid=swg22015943
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041225
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/142893
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.