Cross-Site Scripting Vulnerability in IBM Security Access Manager Appliance
CVE-2018-1653
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 13 December 2018
Summary
The IBM Security Access Manager Appliance versions 9.0.1.0 through 9.0.5.0 are subject to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript into the Web UI. This flaw could allow attackers to manipulate the normal functioning of the application, which may lead to unauthorized access to sensitive user credentials during a trusted session. It is crucial for users of the affected versions to apply the appropriate patches or updates to mitigate the risks associated with this security flaw. For further details, refer to the IBM X-Force ID 144726 and relevant security advisories.
Affected Version(s)
Security Access Manager Appliance 9.0.1.0
Security Access Manager Appliance 9.0.2.0
Security Access Manager Appliance 9.0.3.0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved