Cross-Site Scripting Vulnerability in IBM Campaign Products
CVE-2018-1921

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Campaign
Vendor: CVE Published:; 17 July 2019

What is CVE-2018-1921?

IBM Campaign versions 9.1.0, 9.1.2, 10.1, and 11.0 suffer from a cross-site scripting vulnerability that allows malicious users to inject arbitrary JavaScript code into the web interface. This dangerous flaw can alter how the application functions and may lead to the disclosure of sensitive credentials within a trusted user session. Organizations using these versions should implement security measures to mitigate the risks associated with potential exploitation.

Affected Version(s)

Campaign 9.1.2

Campaign 9.1.0

Campaign 10.1

References

https://www.ibm.com/support/docview.wss?uid=ibm10887995

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/152857

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2019
Vulnerability Reserved
Dec 13, 2017