#VU13182 Cross-frame scripting in IBM Corporation products - CVE-2018-1432

 


Published: June 5, 2018


Vulnerability identifier: #VU13182
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1432
CWE-ID: CWE-59
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
IBM InfoSphere Information Server for Cloud
IBM InfoSphere Information Server
IBM InfoSphere Information Analyzer
IBM InfoSphere Information Governance Catalog
IBM InfoSphere Data Click
IBM InfoSphere Metadata Asset Manager
IBM InfoSphere Data Quality Exception Console
IBM InfoSphere Data Quality Console
IBM InfoSphere Information Server Business Glossary
IBM InfoSphere Information Server Metadata Workbench
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to execute a cross-frame scripting (XFS) attack.

The weakness exists due to insufficient protections for HTML inline frames (iframes). A remote attacker can trick the victim into visiting a specially crafted website that loads valid content from the target system within an HTML iframe, and then attempt to conduct cross-site scripting, cross-site request forgery, clickjacking, or phishing attacks.

Remediation

Install the update from the vendor's website.
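An added example, not taken from this advisory or from IBM: a check that classifies the framing restriction a response actually enforces, usable to confirm the iframe protections described above are in place after updating. It assumes the protection is expressed through the standard browser mechanisms (`X-Frame-Options` and the CSP `frame-ancestors` directive), which the advisory does not specify; the function names and header samples are constructed for illustration.

```python
# Added example: classify the anti-framing policy a response enforces.
# Header samples are constructed, not captured from any IBM product.
RANK = {"unprotected": 0, "allowlist": 1, "same-origin": 2, "deny": 3}

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def classify(sources):
    # An empty source list or a lone 'none' forbids all framing.
    if not sources or sources == ["'none'"]:
        return "deny"
    # "*" or a bare scheme lets any site embed the page.
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"
    return "same-origin" if sources == ["'self'"] else "allowlist"

def framing_policy(headers):
    """headers: list of (name, value) pairs. Returns a key of RANK."""
    csp, xfo = [], None
    for name, value in headers:
        name = name.strip().lower()
        if name == "content-security-policy":  # -Report-Only is not enforced
            for policy in value.split(","):
                sources = frame_ancestors(policy)
                if sources is not None:
                    csp.append(classify(sources))
        elif name == "x-frame-options" and xfo is None:
            xfo = value.strip().upper()
    if csp:
        # frame-ancestors supersedes X-Frame-Options. Every policy is enforced,
        # so the strictest single one is a lower bound on the protection.
        return max(csp, key=RANK.get)
    # ALLOW-FROM is obsolete and ignored by current browsers.
    return {"DENY": "deny", "SAMEORIGIN": "same-origin"}.get(xfo, "unprotected")

SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp beats xfo": [("X-Frame-Options", "DENY"),
                      ("Content-Security-Policy", "default-src 'self'; frame-ancestors *")],
    "same origin": [("x-frame-options", "sameorigin")],
    "csp none": [("Content-Security-Policy", "frame-ancestors 'none'")],
}
if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:14} -> {framing_policy(hdrs)}")
```

Any result of `unprotected` means the page can still be embedded by an arbitrary site, including the cases where a header is present but not enforced.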
