What is the severity of CVE-2017-1380?

CVE-2017-1380 has a moderate severity level due to its potential for cross-site scripting and credentials disclosure.

How do I fix CVE-2017-1380?

To fix CVE-2017-1380, apply the latest security patches and updates provided by IBM for WebSphere Application Server.

What products are affected by CVE-2017-1380?

CVE-2017-1380 affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.

Is CVE-2017-1380 an exploit?

CVE-2017-1380 is a vulnerability that can be exploited to execute arbitrary JavaScript, potentially compromising user credentials.

Can CVE-2017-1380 lead to data breaches?

Yes, CVE-2017-1380 can lead to data breaches by allowing attackers to execute scripts that capture sensitive information during a session.

Vulnerability/
CVE-2017-1380

medium

5.4

CWE

24/7/2017

16/9/2024

CVE-2017-1380: XSS

First published: Mon Jul 24 2017(Updated: )

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	>=7.0.0.0<=7.0.0.43
IBM WebSphere Application Server Feature Pack for Web Services	>=8.0.0.0<=8.0.0.13
IBM WebSphere Application Server Feature Pack for Web Services	>=8.5.0.0<=8.5.5.11
IBM WebSphere Application Server Feature Pack for Web Services	>=9.0.0.0<=9.0.0.4

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22004786

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1380?
CVE-2017-1380 has a moderate severity level due to its potential for cross-site scripting and credentials disclosure.
How do I fix CVE-2017-1380?
To fix CVE-2017-1380, apply the latest security patches and updates provided by IBM for WebSphere Application Server.
What products are affected by CVE-2017-1380?
CVE-2017-1380 affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.
Is CVE-2017-1380 an exploit?
CVE-2017-1380 is a vulnerability that can be exploited to execute arbitrary JavaScript, potentially compromising user credentials.
Can CVE-2017-1380 lead to data breaches?
Yes, CVE-2017-1380 can lead to data breaches by allowing attackers to execute scripts that capture sensitive information during a session.

agent/references
agent/type
agent/severity
agent/weakness
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/7.0.0.0
version/ibm websphere application server feature pack for web services/7.0.0.43
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.0.0.13
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/8.5.5.11
version/ibm websphere application server feature pack for web services/9.0.0.0
version/ibm websphere application server feature pack for web services/9.0.0.4