IBM InfoSphere Information Server CVE-2018-1895 Cross Site Scripting Vulnerability
BID:107062
Info
IBM InfoSphere Information Server CVE-2018-1895 Cross Site Scripting Vulnerability
| Bugtraq ID: | 107062 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1895 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2018 12:00AM |
| Updated: | Dec 04 2018 12:00AM |
| Credit: | IBM |
| Vulnerable: |
IBM InfoSphere Information Server on Cloud 11.7 IBM InfoSphere Information Server on Cloud 11.5 IBM InfoSphere Information Governance Catalog 11.7 IBM InfoSphere Information Governance Catalog 11.5 IBM InfoSphere Information Governance Catalog 11.3 |
| Not Vulnerable: | |
Discussion
IBM InfoSphere Information Server CVE-2018-1895 Cross Site Scripting Vulnerability
IBM InfoSphere Information Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
IBM InfoSphere Information Governance Catalog versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud versions 11.5, and 11.7
IBM InfoSphere Information Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
IBM InfoSphere Information Governance Catalog versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud versions 11.5, and 11.7
Exploit / POC
IBM InfoSphere Information Server CVE-2018-1895 Cross Site Scripting Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user into visiting a specially crafted URL.
An attacker can exploit this issue by enticing an unsuspecting user into visiting a specially crafted URL.
References
IBM InfoSphere Information Server CVE-2018-1895 Cross Site Scripting Vulnerability
References:
References: