Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM68762F9B97244228D4FDC0C6A3CB0C7CA39273D7387B7DC7A403747ED465EA59
HistoryMay 14, 2021 - 9:38 p.m.

Security Bulletin: Multiple CKEditor Vulnerabilities Affect IBM Control Center

2021-05-1421:38:19
www.ibm.com
38
ckeditor
ibm control center
cross-site scripting
denial of service
vulnerabilities

EPSS

0.002

Percentile

53.7%

JSON

Summary

Muliple CKEditor vulnerablities affect IBM Control Center. See vulnerability details for descriptions.

Vulnerability Details

CVEID:CVE-2018-17960
**DESCRIPTION:**CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a source-mode paste to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/153156 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-9281
**DESCRIPTION:**CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML Data Processor. A remote attacker could exploit this vulnerability using a specially crafted protected comment to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177488 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-26271
**DESCRIPTION:**CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Advanced Tab for Dialogs plugin. By persuading a victim to paste specially-crafted text into the Styles input of specific dialogs, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195665 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-26272
**DESCRIPTION:**CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Autolink plugin. By persuading a victim to paste specially-crafted URL-like text, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195667 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Control Center 6.2.0.0

Remediation/Fixes

Product |

VRMF

|

iFix

|

Remediation

—|—|—|—

IBM Control Center

|

6.2.0.0

|

iFix08

|

Fix Central - 6.2.0.0

Workarounds and Mitigations

None

Related

ibm 7
openvas 12
prion 5
typo3 1
friendsofphp 2
osv 11
ubuntucve 4
debiancve 3
github 4
veracode 4
cve 5
cvelist 5
nvd 5
redhatcve 2
nessus 11
fedora 5
fortinet 1
ubuntu 2
oracle 7
ibm
ibm
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to CKEditor
2022-05-13 14:58:22
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to CKeditor WYSIWYG editor (CVE-2021-26271, CVE-2021-26272)
2022-02-22 14:31:15
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal CKEditor (CVE-2021-26271, CVE-2021-26272)
2021-08-25 17:44:45
openvas
openvas
CKEditor 4.0 < 4.16 Multiple ReDoS Vulnerabilities - Linux
2021-01-28 00:00:00
CKEditor 4.0 < 4.16 Multiple ReDoS Vulnerabilities - Windows
2021-01-28 00:00:00
Drupal 8.x CKEditor XSS Vulnerability (SA-CORE-2020-001) - Windows
2020-03-19 00:00:00
prion
prion
Cross site scripting
2018-11-14 20:29:00
Design/Logic Flaw
2021-01-26 21:15:00
Cross site scripting
2020-03-07 01:15:00
typo3
typo3
Cross-Site Scripting in CKEditor
2018-12-11 00:00:00
friendsofphp
friendsofphp
Cross-Site Scripting in CKEditor
2018-12-11 09:55:56
Cross-Site Scripting in CKEditor
2018-12-11 09:55:56
osv
osv
CVE-2018-17960
2018-11-14 20:29:00
Ckeditor XSS Vulnerability
2018-11-21 22:19:50
CVE-2021-26271
2021-01-26 21:15:12
ubuntucve
ubuntucve
CVE-2018-17960
2018-11-14 00:00:00
CVE-2021-26272
2021-01-26 00:00:00
CVE-2020-9281
2020-03-07 00:00:00
debiancve
debiancve
CVE-2018-17960
2018-11-14 20:29:00
CVE-2021-26272
2021-01-26 21:15:12
CVE-2021-26271
2021-01-26 21:15:12
github
github
Ckeditor XSS Vulnerability
2018-11-21 22:19:50
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
2021-10-13 15:34:09
CKEditor 4 ReDoS Vulnerability
2022-05-24 17:40:21
veracode
veracode
Cross-site Scripting (XSS)
2018-11-15 06:34:58
Regular Expression Denial Of Service (ReDoS)
2021-01-27 05:04:13
Regular Expression Denial Of Service (ReDoS)
2021-01-27 05:34:12
cve
cve
CVE-2018-17960
2018-11-14 20:29:00
CVE-2021-26271
2021-01-26 21:15:12
CVE-2021-26272
2021-01-26 21:15:12
cvelist
cvelist
CVE-2018-17960
2018-11-14 20:00:00
CVE-2021-26272
2021-01-26 20:39:56
CVE-2021-26271
2021-01-26 20:39:46
nvd
nvd
CVE-2018-17960
2018-11-14 20:29:00
CVE-2021-26271
2021-01-26 21:15:12
CVE-2020-9281
2020-03-07 01:15:15
redhatcve
redhatcve
CVE-2021-26272
2022-05-20 22:50:58
CVE-2020-9281
2022-05-21 00:07:07
nessus
nessus
Fedora 29 : ckeditor (2019-ae7f274d24)
2019-03-06 00:00:00
Fedora 28 : ckeditor (2019-31ad8a36d8)
2019-03-07 00:00:00
Fedora 31 : ckeditor (2020-a832c215bf)
2020-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: ckeditor-4.11.2-1.fc29
2019-03-06 06:59:00
[SECURITY] Fedora 28 Update: ckeditor-4.11.2-1.fc28
2019-03-06 15:29:01
[SECURITY] Fedora 32 Update: ckeditor-4.14.0-1.fc32
2020-03-29 00:17:51
fortinet
fortinet
FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates
2022-11-01 00:00:00
ubuntu
ubuntu
CKEditor vulnerabilities
2022-03-22 00:00:00
CKEditor vulnerabilities
2022-03-23 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00

EPSS

0.002

Percentile

53.7%

JSON
Related for 68762F9B97244228D4FDC0C6A3CB0C7CA39273D7387B7DC7A403747ED465EA59
ibm7openvas12prion5typo31friendsofphp2osv11ubuntucve4debiancve3github4veracode4cve5cvelist5nvd5redhatcve2nessus11fedora5fortinet1ubuntu2oracle7