Lucene search

IBMA6FEE1D0899FE02014650CC4CDBA00F72FC848840B1F68F3729C1532310A6287

HistoryNov 07, 2022 - 11:12 a.m.

Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)

2022-11-0711:12:59

www.ibm.com

dojo toolkit

cross-site scripting

ibm operations analytics

log analysis

cve-2018-15494

vulnerability

sensitive information

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.0%

JSON

Summary

Vulnerability in dojo allow remote attacker to access any cookies, session tokens, or other sensitive information through cross-site scripting

Vulnerability Details

CVEID:CVE-2018-15494
**DESCRIPTION:**Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.x

Remediation/Fixes

Version	Fix details
IBM Operations Analytics - Log Analysis version 1.3.x	Upgrade to Log Analysis version 1.3.x Interim Fix 7
Download the 1.3.x-TIV-IOALA-IF007

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsmartcloud_analytics_log_analysisMatch1.3.

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.

CPE	Name	Operator	Version
	ibm smartcloud analytics	eq	1.3.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for A6FEE1D0899FE02014650CC4CDBA00F72FC848840B1F68F3729C1532310A6287