Cross-Site Scripting Vulnerability in IBM Security Access Manager
CVE-2019-4157

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager
Vendor: CVE Published:; 25 June 2019

What is CVE-2019-4157?

IBM Security Access Manager versions 9.0.1 through 9.0.6 are susceptible to cross-site scripting (XSS), permitting attackers to inject malicious JavaScript code into the web interface. This vulnerability can alter the expected behaviors of the application, which may lead to disclosure of user credentials during a trusted session. For further information, please refer to IBM's documentation and the X-Force vulnerability database.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

https://www.ibm.com/support/docview.wss?uid=ibm10888379

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158573

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 3, 2019