Cross-Site Scripting Vulnerability in IBM Security Access Manager Appliance
CVE-2018-1653

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Security Access Manager Appliance
Vendor
CVE Published:
13 December 2018

Summary

The IBM Security Access Manager Appliance versions 9.0.1.0 through 9.0.5.0 are subject to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript into the Web UI. This flaw could allow attackers to manipulate the normal functioning of the application, which may lead to unauthorized access to sensitive user credentials during a trusted session. It is crucial for users of the affected versions to apply the appropriate patches or updates to mitigate the risks associated with this security flaw. For further details, refer to the IBM X-Force ID 144726 and relevant security advisories.

Affected Version(s)

Security Access Manager Appliance 9.0.1.0

Security Access Manager Appliance 9.0.2.0

Security Access Manager Appliance 9.0.3.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/144726
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=ibm10787785
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106272
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.