First published: Thu Apr 25 2019(Updated: )
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.
Credit: psirt@us.ibm.com psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ibm Infosphere Information Server | =11.3 | |
Ibm Infosphere Information Server | =11.5 | |
Ibm Infosphere Information Server | =11.7 | |
Ibm Infosphere Information Server On Cloud | =11.5 | |
Ibm Infosphere Information Server On Cloud | =11.7 | |
=11.3 | ||
=11.5 | ||
=11.7 | ||
=11.5 | ||
=11.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-4238 is a vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
The severity of CVE-2019-4238 is medium with a CVSS score of 5.4.
CVE-2019-4238 affects IBM InfoSphere Information Server versions 11.3, 11.5, and 11.7.
An attacker can exploit CVE-2019-4238 by embedding arbitrary JavaScript code in the Web UI of IBM InfoSphere Information Server, potentially leading to credentials disclosure.
Yes, IBM has released a fix for CVE-2019-4238. It is recommended to apply the necessary updates as soon as possible.