Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM12389B125B8EA224F0AFE02F42609D024AA2ED38F652930C17331BAB5FE126D9
HistoryDec 08, 2020 - 9:03 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected by an unescaped string injection in Dojo Toolkit

2020-12-0821:03:43
www.ibm.com
8

0.005 Low

EPSS

Percentile

77.0%

JSON

Summary

An unescaped string injection vulnerability in Dojo Toolkit that is used by IBM InfoSphere Information Server was addressed.

Vulnerability Details

CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. CVSS Base Score: 6.1
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/148556&gt;_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server : versions 11.3, 11.5, 11.7
IBM InfoSphere Information Server on Cloud : versions 11.5, 11.7

Remediation/Fixes

Product

| VRMF | APAR | Remediation/First Fix
β€”|β€”|β€”|β€”
InfoSphere Information Server, Information Server on Cloud | 11.7 | JR61706 | --Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server 11.7.1.0 Fix Pack 1
--For InfoSphere DataStage
11.7.1.0 11.7.1.1 & 11.7.1.2: Apply InfoSphere DataStage Security patch
InfoSphere Information Server, Information Server on Cloud | 11.5 | JR61706 | --Apply InfoSphere Information Server version 11.5.0.2
--Apply InfoSphere Information Server 11.5.0.2 Service Pack 6
--Apply InfoSphere Information Server Framework Security patch --Apply InfoSphere Metadata Asset Manager Security patch--Apply InfoSphere DataStage Security patch

InfoSphere Information Server | 11.3 | JR61706 | --Upgrade to a new release where the issue has been addressed

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None

Related

openvas 1
ubuntucve 1
ibm 30
cvelist 1
redhatcve 1
osv 3
veracode 1
cve 1
github 1
packetstorm 1
debian 1
debiancve 1
prion 1
nvd 1
nessus 1
zdt 1
openvas
openvas
Debian: Security Advisory (DLA-1492-1)
2018-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2018-15494
2018-08-18 00:00:00
ibm
ibm
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
2019-10-28 16:30:15
Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)
2022-11-07 11:12:59
Security Bulletin: A Security vulnerability found in Dojo Toolkit which is shipped with IBM Security Identity Management product (CVE-2018-15494)
2022-10-11 18:54:36
cvelist
cvelist
CVE-2018-15494
2018-08-18 02:00:00
redhatcve
redhatcve
CVE-2018-15494
2018-08-23 05:54:01
osv
osv
CVE-2018-15494
2018-08-18 02:29:01
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
dojo - security update
2018-09-03 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-08-20 07:17:16
cve
cve
CVE-2018-15494
2018-08-18 02:29:01
github
github
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
packetstorm
packetstorm
Dojo Toolkit 1.13 Cross Site Scripting
2018-08-27 00:00:00
debian
debian
[SECURITY] [DLA 1492-1] dojo security update
2018-09-03 08:06:10
debiancve
debiancve
CVE-2018-15494
2018-08-18 02:29:01
prion
prion
Sql injection
2018-08-18 02:29:00
nvd
nvd
CVE-2018-15494
2018-08-18 02:29:01
nessus
nessus
Debian DLA-1492-1 : dojo security update
2018-09-04 00:00:00
zdt
zdt
Dojo Toolkit 1.13 Cross Site Scripting Vulnerability
2018-08-28 00:00:00

0.005 Low

EPSS

Percentile

77.0%

JSON
Related for 12389B125B8EA224F0AFE02F42609D024AA2ED38F652930C17331BAB5FE126D9
openvas1ubuntucve1ibm30cvelist1redhatcve1osv3veracode1cve1github1packetstorm1debian1debiancve1prion1nvd1nessus1zdt1