CVE-2022-40753 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting


The cross-site scripting issue exists due to insufficient sanitization of user-supplied data before it is used in the application's code. Cross-site scripting issues can be mitigated by implementing input sanitization rules in the application code. X-Force ID: 240127.

IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system. X-Force ID: 236689.

IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue. This issue allows users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 236690.

IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 236691.

IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

IBM InfoSphere Information Server HTTP Header Injection Vulnerability

The HTTP header injection vulnerability is found in the HTTP Server module of IBM InfoSphere Information Server. The issue allows attackers to inject arbitrary values into otherwise trusted headers, potentially leading to the disclosure of sensitive information. X-Force ID: 236692.

IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system.

IBM InfoSphere Information Server and X-Force ID: 240130

IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system. X-Force ID: 240130.

IBM WebSphere Commerce is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 240131.

IBM WebSphere Commerce is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

IBM InfoSphere Information Server - CSRF Bypass

The cross-site scripting issue exists due to insufficient sanitization of user-supplied data before it is used in the application's code. Cross-site scripting issues can be mitigated by implementing input sanitization rules in the application code. X-Force ID: 240127.

IBM InfoSphere Information Server is prone to a cross-site request forgery issue, allowing attackers to execute arbitrary actions in the context of trusted administrators. The issue is due to insufficient validation of user-supplied data before it is used in the application code. This flaw can be exploited only by administrators with access to the system. X-Force ID: 236689.

IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue. This issue allows users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. X-Force ID: 236690.

IBM InfoSphere Information Server is vulnerable to a cross-site scripting issue, allowing users to embed arbitrary JavaScript code within the application, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
