CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
38.5%
Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System.
CVEID:CVE-2018-6561
**DESCRIPTION:**Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the ‘onload’ attribute of an SVG element to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138648 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s)|**Version(s) (Power)
**
—|—
IBM Cloud Pak System| 2.3.1.1., 2.3.2.0
IBM Cloud Pak System| 2.3.3.7
Affected Product(s)|**Version(s) (intel)
**
IBM Cloud Pak Systemn| 2.3.3.0
IBM Cloud Pak Systemn| 2.3.3.3 iFIx1
IBM Cloud Pak Systemn| 2.3.3.4
IBM Cloud Pak Systemn| 2.3.3.5,
IBM Cloud Pak Systemn| 2.3.3.6, 2.3.3.3.6 iFix1, 2.3.3.6 iFix2
For unsupported versions the recommendation is to upgrade to supported version of the product.
This security bulletin applies to Cloud Pak System, Cloud Pak System Software, Cloud Pak System Software Suite.
IBM strongly recommends addressing the vulnerability now by applying the fix below.
For Cloud Pak System V2.3.1.1, V2.3.2.0,
Upgrade to Cloud Pak System v2.3.3.7 and apply V2.3.3.7 Interim Fix 01 at IBM Fix Central.
information on upgrading here <https://www.ibm.com/support/pages/node/6982511>
For Cloud Pak System V2.3.3.7,
Apply Cloud Pak System V2.3.3.7 Interim Fix 01 at IBM Fix Central.
information on upgrading available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
For Cloud Pak System for Intel
Upgrade to Cloud Pak System v2.3.4.0 at Fix Central
Information on upgrading here <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_system | 2.3 | cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
38.5%