IBM InfoSphere Data Quality Console is vulnerable to a Cross-Site Scripting (XSS) attack while adding new project connections. An attacker can trick a signed-on user into clicking a link, and the attacker could then obtain the user’s cookie and act with the user’s privileges in the InfoSphere Data Quality Console.
CVE ID: CVE-2014-3071
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93786 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM InfoSphere Data Quality Console version 11.3 running on all platforms.
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| InfoSphere Information Server | 11.3 | JR50453 | Apply IBM InfoSphere Data Quality Console Security Patch |
None known, apply fixes