CVE-2017-1500

01.08.2017, 18:29

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ibm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
ibm	mobilefirst_platform_foundation	6.3.0.0
ibm	mobilefirst_platform_foundation	7.0.0.0
ibm	mobilefirst_platform_foundation	7.1.0.0
ibm	mobilefirst_platform_foundation	8.0.0.0
ibm	worklight	6.1.0.2
ibm	worklight	6.2.0.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://www-01.ibm.com/support/docview.wss?uid=swg2C1000316

https://exchange.xforce.ibmcloud.com/vulnerabilities/129404

http://www-01.ibm.com/support/docview.wss?uid=swg2C1000316

https://exchange.xforce.ibmcloud.com/vulnerabilities/129404