IBM Security Access Manager CVE-2018-1653 Cross Site Scripting Vulnerability

Bugtraq ID:	106272
Class:	Input Validation Error
CVE:	CVE-2018-1653
Remote:	Yes
Local:	No
Published:	Dec 11 2018 12:00AM
Updated:	Dec 11 2018 12:00AM
Credit:	Ron Craig, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza from IBM X-Force Ethical Hacking Team
Vulnerable:	IBM Security Access Manager 9.0.5.0 IBM Security Access Manager 9.0.4.0 IBM Security Access Manager 9.0.3.0 IBM Security Access Manager 9.0.2.0 IBM Security Access Manager 9.0.1.0
Not Vulnerable:	IBM Security Access Manager 9.0.6.0

IBM Security Access Manager CVE-2018-1653 Cross Site Scripting Vulnerability

IBM Security Access Manager is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM Security Access Manager versions 9.0.1.0 through 9.0.5.0 are vulnerable.

IBM Security Access Manager CVE-2018-1653 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Security Access Manager CVE-2018-1653 Cross Site Scripting Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM (IBM)