CVE-2017-1199

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 49.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management IBM Infosphere Master Data Management Server

Timeline

PublishedAug 3

Latest updateMay 17

Description

IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/infosphere_master_data_management_server6 versions+5

▶CVEListV5ibm/infosphere_master_data_management8 versions+7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wp9g-g38w-6wj9: IBM InfoSphere Master Data Management Server 10↗2022-05-17

▶

CVEList

CVE-2017-1199: IBM InfoSphere Master Data Management Server 10↗2017-08-03

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'USP10!ttoGetTableData' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23

▶