IBM Cloud Pak System 2.3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

IBM Platform System Manager for Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.ibm.com/support/pages/node/1118487


Details

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 

 

Vulnerable Systems:

IBM Cloud Pak System 2.3

IBM Cloud Pak System 2.3.0.1

 

CVE Information:

CVE-2019-4467

 

Disclosure Timeline:
Published Date:12/3/2019

Categories: FeaturedNews