CVE-2019-4237

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 61.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server IBM Infosphere Information Governance Catalog IBM Infosphere Information Server ON Cloud

Timeline

PublishedJul 1

Latest updateMay 24

Description

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5ibm/infosphere_information_server11.3, 11.5, 11.7+2

▶NVDibm/infosphere_information_server11.3, 11.5, 11.7+2

▶NVDibm/infosphere_information11.5, 11.7+1

▶NVDibm/infosphere_information_governance_catalog11.3, 11.5, 11.7+2

🔴Vulnerability Details

GHSA

GHSA-gvqm-hqhp-9mhq: A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11↗2022-05-24

▶

OSV

spamassassin vulnerabilities↗2020-01-15

▶

CVEList

CVE-2019-4237: A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11↗2019-07-01

▶