CVE-2018-1432

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.

Published: Jun 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1432
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-1021
CWE-352

Affected Software
References

Software	From	Fixed in
ibm / infosphere_information_server	9.1	9.1.x
ibm / infosphere_information_server	11.3	11.3.x
ibm / infosphere_information_server	11.5	11.5.x
ibm / infosphere_information_server	11.7	11.7.x

http://www.ibm.com/support/docview.wss?uid=swg22014911
http://www.securitytracker.com/id/1041039
https://exchange.xforce.ibmcloud.com/vulnerabilities/139360

Vulnerability Database

289,697

CVE-2018-1432