CVE-2017-1591

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
ibmdatapower_gateway
7.0.0.0
ibmdatapower_gateway
7.0.0.1
ibmdatapower_gateway
7.0.0.2
ibmdatapower_gateway
7.0.0.3
ibmdatapower_gateway
7.0.0.4
ibmdatapower_gateway
7.0.0.5
ibmdatapower_gateway
7.0.0.6
ibmdatapower_gateway
7.0.0.7
ibmdatapower_gateway
7.0.0.8
ibmdatapower_gateway
7.0.0.9
ibmdatapower_gateway
7.0.0.10
ibmdatapower_gateway
7.0.0.11
ibmdatapower_gateway
7.0.0.12
ibmdatapower_gateway
7.0.0.13
ibmdatapower_gateway
7.0.0.14
ibmdatapower_gateway
7.0.0.15
ibmdatapower_gateway
7.0.0.16
ibmdatapower_gateway
7.0.0.17
ibmdatapower_gateway
7.0.0.18
ibmdatapower_gateway
7.0.0.19
ibmdatapower_gateway
7.1.0.0
ibmdatapower_gateway
7.1.0.1
ibmdatapower_gateway
7.1.0.2
ibmdatapower_gateway
7.1.0.3
ibmdatapower_gateway
7.1.0.4
ibmdatapower_gateway
7.1.0.5
ibmdatapower_gateway
7.1.0.6
ibmdatapower_gateway
7.1.0.7
ibmdatapower_gateway
7.1.0.8
ibmdatapower_gateway
7.1.0.9
ibmdatapower_gateway
7.1.0.10
ibmdatapower_gateway
7.1.0.11
ibmdatapower_gateway
7.1.0.12
ibmdatapower_gateway
7.1.0.13
ibmdatapower_gateway
7.1.0.14
ibmdatapower_gateway
7.1.0.15
ibmdatapower_gateway
7.1.0.16
ibmdatapower_gateway
7.1.0.17
ibmdatapower_gateway
7.1.0.18
ibmdatapower_gateway
7.2.0.0
ibmdatapower_gateway
7.2.0.1
ibmdatapower_gateway
7.2.0.2
ibmdatapower_gateway
7.2.0.3
ibmdatapower_gateway
7.2.0.4
ibmdatapower_gateway
7.2.0.5
ibmdatapower_gateway
7.2.0.6
ibmdatapower_gateway
7.2.0.7
ibmdatapower_gateway
7.2.0.8
ibmdatapower_gateway
7.2.0.9
ibmdatapower_gateway
7.2.0.10
ibmdatapower_gateway
7.2.0.11
ibmdatapower_gateway
7.2.0.12
ibmdatapower_gateway
7.2.0.13
ibmdatapower_gateway
7.2.0.14
ibmdatapower_gateway
7.2.0.15
ibmdatapower_gateway
7.5.0.0
ibmdatapower_gateway
7.5.0.1
ibmdatapower_gateway
7.5.0.2
ibmdatapower_gateway
7.5.0.3
ibmdatapower_gateway
7.5.0.4
ibmdatapower_gateway
7.5.0.5
ibmdatapower_gateway
7.5.0.6
ibmdatapower_gateway
7.5.0.7
ibmdatapower_gateway
7.5.0.8
ibmdatapower_gateway
7.5.0.9
ibmdatapower_gateway
7.5.1.0
ibmdatapower_gateway
7.5.1.1
ibmdatapower_gateway
7.5.1.2
ibmdatapower_gateway
7.5.1.3
ibmdatapower_gateway
7.5.1.4
ibmdatapower_gateway
7.5.1.5
ibmdatapower_gateway
7.5.1.6
ibmdatapower_gateway
7.5.1.7
ibmdatapower_gateway
7.5.1.8
ibmdatapower_gateway
7.5.2.0
ibmdatapower_gateway
7.5.2.1
ibmdatapower_gateway
7.5.2.2
ibmdatapower_gateway
7.5.2.3
ibmdatapower_gateway
7.5.2.4
ibmdatapower_gateway
7.5.2.5
ibmdatapower_gateway
7.5.2.6
ibmdatapower_gateway
7.5.2.7
ibmdatapower_gateway
7.5.2.8
ibmdatapower_gateway
7.6.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22008815
http://www.securityfocus.com/bid/101021
https://exchange.xforce.ibmcloud.com/vulnerabilities/132368
http://www.ibm.com/support/docview.wss?uid=swg22008815
http://www.securityfocus.com/bid/101021
https://exchange.xforce.ibmcloud.com/vulnerabilities/132368