CVE-2018-1432 - OpenCVE

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Infosphere Information Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:11.3:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:11.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:11.7:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg22014911
http://www.securitytracker.com/id/1041039
https://exchange.xforce.ibmcloud.com/vulnerabilities/139360

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-06-05T15:00:00Z

Updated: 2024-09-17T01:05:56.077Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1432

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-05T15:29:00.360

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-1432

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "InfoSphere Information Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "11.3"}, {"status": "affected", "version": "11.5"}, {"status": "affected", "version": "11.7"}]}], "datePublic": "2018-06-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014911"}, {"name": "ibm-infosphere-cve20181432-xfs(139360)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139360"}, {"name": "1041039", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041039"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-06-01T00:00:00", "ID": "CVE-2018-1432", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InfoSphere Information Server", "version": {"version_data": [{"version_value": "9.1"}, {"version_value": "11.3"}, {"version_value": "11.5"}, {"version_value": "11.7"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R"}, "TM": {"E": "H", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=swg22014911", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22014911"}, {"name": "ibm-infosphere-cve20181432-xfs(139360)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139360"}, {"name": "1041039", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041039"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:59:39.094Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014911"}, {"name": "ibm-infosphere-cve20181432-xfs(139360)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139360"}, {"name": "1041039", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041039"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1432", "datePublished": "2018-06-05T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:05:56.077Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9923389A-6B64-482B-A631-1B6B841CB9AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "83640E7E-851E-4C8F-ADDA-7CF4E1D11F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360."}, {"lang": "es", "value": "IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 es vulnerable a Cross-Frame Scripting, que es una vulnerabilidad que permite que un atacante cargue componentes Information Server en una etiqueta iframe HTML en una p\u00e1gina maliciosa. El atacante podr\u00eda utilizar esta debilidad para idear un ataque de secuestro de clics para llevar a cabo ataques de phishing, frame sniffing, ingenier\u00eda social o Cross-Site Request Forgery (CSRF). IBM X-Force ID: 139360."}], "id": "CVE-2018-1432", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-06-05T15:29:00.360", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22014911"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041039"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139360"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}, {"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}