CVE-2022-40753 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
The cross-site scripting issue exists due to insufficient sanitization of user-supplied data before it is used in the application's code. Cross-site scripting issues can be mitigated by implementing input sanitization rules in the application code. X-Force ID: 240127.
IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system. X-Force ID: 236689.
IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue. This issue allows users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 236690.
IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 236691.
IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
IBM InfoSphere Information Server HTTP Header Injection Vulnerability
The HTTP header injection vulnerability is found in the HTTP Server module of the IBM InfoSphere Information Server. The issue allows attackers to inject arbitrary values into otherwise trusted headers, potentially leading to the disclosure of sensitive information. X-Force ID: 236692.
IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system.
IBM InfoSphere Information Server and X-Force ID: 240130
IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system. X-Force ID: 240130.
IBM WebSphere Commerce is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 240131.
IBM WebSphere Commerce is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
IBM InfoSphere Information Server - CSRF Bypass
IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system.
X-Force ID: 236689.
Timeline
Published on: 11/15/2022 21:15:00 UTC
Last modified on: 11/18/2022 18:03:00 UTC