Cross-site scripting in Oauth
CVE ID**:** CVE-2013-6738
DESCRIPTION:
OAuth /authorize endpoint will return an invalid query param in the response. This allows a script to be injected in the response.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Any customer using version 1.1 should call IBM Support for guidance.
IBM SmartCloud Analytics LogAnalysis v1.1 and v1.2
IBM SmartCloud Analytics LogAnalysis 1.2.0.0-CSI-SCALA-IF0003 APAR ID - IV57425
None