IBM HTTP Server Response Time module, which is delivered as part of IBM Performance Management, has addressed the following vulnerability.
CVEID: CVE-2018-1441
**DESCRIPTION:** IBM Application Performance Management - Response Time Monitoring Agent is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139597 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3
Product | Product Version | APAR | Remediation / First Fix
---|---|---|---
IBM Cloud Application Performance Management - Monitoring Agent for HTTP Server | 8.1.4 | D - PSIRT ALERT: 9519 Multiple Cross-Site Scripting Vulnerabilities- 8.1.4 (126567) | If you use the IBM HTTP Server Response Time module, the vulnerabilities can be remediated by applying the HTTP Server agent 8.1.4.0-IBM-APM-HTTP-SERVER-AGENT-IF0001 patch to all systems where this agent is installed: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-HTTP-SERVER-AGENT-IF0001&source=SAR
IBM Performance Management - Monitoring Agent for HTTP Server | 8.1.3 | D - PSIRT ALERT: 9519 Multiple Cross-Site Scripting Vulnerabilities- 8.1.3.x (128133) | If you use the IBM HTTP Server Response Time module, the vulnerabilities can be remediated by applying the HTTP Server agent 8.1.3.0-IBM-IPM-HTTP-SERVER-AGENT-IF0003 patch to all systems where this agent is installed: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Tivoli+Monitoring&fixids=8.1.3.0-IBM-IPM-HTTP-SERVER-AGENT-IF0003&source=SAR