CVE-2018-1444: XSS
First published: Wed Mar 14 2018(Updated: )
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =8.5.0.0 | |
| IBM WebSphere Portal | =8.5.0.0-cf01 | |
| IBM WebSphere Portal | =8.5.0.0-cf02 | |
| IBM WebSphere Portal | =8.5.0.0-cf03 | |
| IBM WebSphere Portal | =8.5.0.0-cf04 | |
| IBM WebSphere Portal | =8.5.0.0-cf05 | |
| IBM WebSphere Portal | =8.5.0.0-cf06 | |
| IBM WebSphere Portal | =8.5.0.0-cf07 | |
| IBM WebSphere Portal | =8.5.0.0-cf08 | |
| IBM WebSphere Portal | =8.5.0.0-cf09 | |
| IBM WebSphere Portal | =8.5.0.0-cf10 | |
| IBM WebSphere Portal | =8.5.0.0-cf11 | |
| IBM WebSphere Portal | =8.5.0.0-cf12 | |
| IBM WebSphere Portal | =8.5.0.0-cf13 | |
| IBM WebSphere Portal | =8.5.0.0-cf14 | |
| IBM WebSphere Portal | =8.5.0.0-cf15 | |
| IBM WebSphere Portal | =9.0.0.0 | |
| IBM WebSphere Portal | =9.0.0.0-cf14 | |
| IBM WebSphere Portal | =9.0.0.0-cf15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1444?
CVE-2018-1444 is considered a high severity vulnerability due to the potential for cross-site scripting attacks that can lead to credentials disclosure.
How do I fix CVE-2018-1444?
To remediate CVE-2018-1444, it is recommended to apply the latest patches and updates provided by IBM for affected versions of WebSphere Portal.
Which versions are affected by CVE-2018-1444?
CVE-2018-1444 affects IBM WebSphere Portal versions 8.5 and 9.0, including all specific fix packs listed.
What is the impact of CVE-2018-1444?
The impact of CVE-2018-1444 could allow an attacker to inject malicious JavaScript into the web interface, potentially compromising user sessions.
Is there a workaround for CVE-2018-1444 before a patch is available?
Currently, the best course of action is to restrict access to the affected applications while awaiting an official patch for CVE-2018-1444.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/8.5.0.0
- version/ibm websphere portal/8.5.0.0-cf01
- version/ibm websphere portal/8.5.0.0-cf02
- version/ibm websphere portal/8.5.0.0-cf03
- version/ibm websphere portal/8.5.0.0-cf04
- version/ibm websphere portal/8.5.0.0-cf05
- version/ibm websphere portal/8.5.0.0-cf06
- version/ibm websphere portal/8.5.0.0-cf07
- version/ibm websphere portal/8.5.0.0-cf08
- version/ibm websphere portal/8.5.0.0-cf09
- version/ibm websphere portal/8.5.0.0-cf10
- version/ibm websphere portal/8.5.0.0-cf11
- version/ibm websphere portal/8.5.0.0-cf12
- version/ibm websphere portal/8.5.0.0-cf13
- version/ibm websphere portal/8.5.0.0-cf14
- version/ibm websphere portal/8.5.0.0-cf15
- version/ibm websphere portal/9.0.0.0
- version/ibm websphere portal/9.0.0.0-cf14
- version/ibm websphere portal/9.0.0.0-cf15