CVE-2019-4237

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

Published : 2019-07-01 15:15 Updated : 2019-10-09 23:50

3.5
CVSS Score More info
Score 3.5 / 10
3.5
Vendor Product Version URI
Ibm Infosphere Information Governance Catalog 11.3 cpe:/a:ibm:infosphere_information_governance_catalog:11.3
Ibm Infosphere Information Governance Catalog 11.5 cpe:/a:ibm:infosphere_information_governance_catalog:11.5
Ibm Infosphere Information Governance Catalog 11.7 cpe:/a:ibm:infosphere_information_governance_catalog:11.7
Ibm Infosphere Information Server 11.3 cpe:/a:ibm:infosphere_information_server:11.3
Ibm Infosphere Information Server 11.5 cpe:/a:ibm:infosphere_information_server:11.5
Ibm Infosphere Information Server 11.7 cpe:/a:ibm:infosphere_information_server:11.7
Ibm Infosphere Information Server On Cloud 11.5 cpe:/a:ibm:infosphere_information_server_on_cloud:11.5
Ibm Infosphere Information Server On Cloud 11.7 cpe:/a:ibm:infosphere_information_server_on_cloud:11.7
  1. Ibm (3) Search CVE
    1. Infosphere Information Server (3) Search CVE
      1. 11.3
      2. 11.5
      3. 11.7
    2. Infosphere Information Governance Catalog (3) Search CVE
      1. 11.3
      2. 11.5
      3. 11.7
    3. Infosphere Information Server On Cloud (2) Search CVE
      1. 11.5
      2. 11.7

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2019-07-08 19:32
2019-07-01 16:15
2019-07-01 15:28

New CVE