IBM InfoSphere Information Server Vulnerable to Cross-Site Scripting
CVE-2023-33843

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 21 February 2024

Summary

IBM InfoSphere Information Server 11.7 has a cross-site scripting vulnerability that enables users to inject arbitrary JavaScript code into the Web UI. This flaw can alter the intended functionality of the application, posing a risk of credential disclosure during a trusted session. As a result, it compromises user security and impacts overall application reliability. Users and administrators should apply necessary precautions to mitigate this issue and protect sensitive information.

Affected Version(s)

InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/7116607

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/256544

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
May 23, 2023