CVE-2017-1203 — Cross-site Scripting in IBM Bigfix Platform

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Bigfix Family IBM Bigfix Platform

Timeline

PublishedJul 19

Latest updateMay 17

Description

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/bigfix_platform18 versions+17

▶CVEListV5ibm/bigfix_family9.1, 9.2, 9.5+2

🔴Vulnerability Details

GHSA

GHSA-6wjv-6229-v5x5: IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting↗2022-05-17

▶

CVEList

CVE-2017-1203: IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting↗2017-07-19

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'USP10!otlSinglePosLookup::getCoverageTable' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23

▶

💬Community

Bugzilla

CVE-2017-7474 keycloak-connect: auth token validity check ignored↗2017-04-25

▶