Details of VAR-201803-1745

ID

VAR-201803-1745

CVE

CVE-2018-1429

TITLE

IBM MQ Appliance Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-003249

DESCRIPTION

IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 1.89

sources: NVD: CVE-2018-1429 // JVNDB: JVNDB-2018-003249 // BID: 103491

AFFECTED PRODUCTS

vendor:	ibm	model:	mq appliance	scope:	eq	version:	9.0.1	Trust: 2.4
vendor:	ibm	model:	mq appliance	scope:	eq	version:	9.0.2	Trust: 2.4
vendor:	ibm	model:	mq appliance	scope:	eq	version:	9.0.3	Trust: 2.4
vendor:	ibm	model:	mq appliance	scope:	eq	version:	9.0.4	Trust: 2.4
vendor:	ibm	model:	mq appliance cd	scope:	eq	version:	9.0.4	Trust: 0.3
vendor:	ibm	model:	mq appliance cd	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	ibm	model:	mq appliance cd	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	ibm	model:	mq appliance cd	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	ibm	model:	mq appliance cd	scope:	ne	version:	9.0.5	Trust: 0.3

sources: BID: 103491 // JVNDB: JVNDB-2018-003249 // CNNVD: CNNVD-201803-894 // NVD: CVE-2018-1429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1429
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2018-1429
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-1429
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201803-894
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-1429
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-1429
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 2.8

sources: JVNDB: JVNDB-2018-003249 // CNNVD: CNNVD-201803-894 // NVD: CVE-2018-1429 // NVD: CVE-2018-1429

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-003249 // NVD: CVE-2018-1429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-894

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201803-894

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003249

PATCH

title:	2014046	url:	http://www-01.ibm.com/support/docview.wss?uid=swg22014046	Trust: 0.8
title:	ibm-websphere-cve20181429-xss (139077)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/139077	Trust: 0.8
title:	IBM MQ Appliance Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79393	Trust: 0.6

sources: JVNDB: JVNDB-2018-003249 // CNNVD: CNNVD-201803-894

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1429	Trust: 2.7
db:	BID	id:	103491	Trust: 1.9
db:	SECTRACK	id:	1040564	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-003249	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-894	Trust: 0.6

sources: BID: 103491 // JVNDB: JVNDB-2018-003249 // CNNVD: CNNVD-201803-894 // NVD: CVE-2018-1429

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/139077	Trust: 1.6
url:	http://www.securitytracker.com/id/1040564	Trust: 1.6
url:	http://www.securityfocus.com/bid/103491	Trust: 1.6
url:	http://www.ibm.com/support/docview.wss?uid=swg22014046	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1429	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1429	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg22014046	Trust: 0.3

sources: BID: 103491 // JVNDB: JVNDB-2018-003249 // CNNVD: CNNVD-201803-894 // NVD: CVE-2018-1429

CREDITS

IBM

Trust: 0.3

sources: BID: 103491

SOURCES

db:	BID	id:	103491
db:	JVNDB	id:	JVNDB-2018-003249
db:	CNNVD	id:	CNNVD-201803-894
db:	NVD	id:	CVE-2018-1429

LAST UPDATE DATE

2024-11-23T23:08:45.951000+00:00

SOURCES UPDATE DATE

db:	BID	id:	103491	date:	2018-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-003249	date:	2018-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-894	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-1429	date:	2024-11-21T03:59:48.220

SOURCES RELEASE DATE

db:	BID	id:	103491	date:	2018-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-003249	date:	2018-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-894	date:	2018-03-26T00:00:00
db:	NVD	id:	CVE-2018-1429	date:	2018-03-23T19:29:00.747