CVE-2017-1552

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ibmCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
ibminfosphere_biginsights
4.2.0
ibminfosphere_biginsights
4.2.5
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ibmbiginsights
4.2.0
CNA
ibmbiginsights
4.2.5
CNA
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22009192
http://www.securityfocus.com/bid/101588
https://exchange.xforce.ibmcloud.com/vulnerabilities/131396
http://www.ibm.com/support/docview.wss?uid=swg22009192
http://www.securityfocus.com/bid/101588
https://exchange.xforce.ibmcloud.com/vulnerabilities/131396