CVE-2017-1189

Опубликовано: 07 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22008028
Vendor Advisory
http://www.securityfocus.com/bid/100699
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039268
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/123558
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22008028
Vendor Advisory
http://www.securityfocus.com/bid/100699
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039268
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/123558
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00309

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-r6q9-xj5x-4f49