Cross-Site Scripting Vulnerability in IBM SPSS Analytic Server
CVE-2018-1772

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Spss Analytic Server
Vendor
CVE Published:
15 January 2019

Summary

IBM SPSS Analytic Server version 3.1.1.1 is susceptible to a cross-site scripting vulnerability, wherein an attacker can inject arbitrary JavaScript within the Web UI. This capability enables the potential manipulation of the application's functionality, which may lead to serious security implications such as credential disclosure during trusted sessions.

References

https://www.ibm.com/support/docview.wss?uid=ibm10791853
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106630
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/148689
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.