PT-2014-1404 · IBM · IBM SmartCloud Analytics Log Analysis

Published: 2014-04-24 · Updated: 2017-08-29 · CVE-2013-6738

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM SmartCloud Analytics Log Analysis versions 1.1 through 1.2 before 1.2.0.0-CSI-SCALA-IF0003

Description

The issue allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint. This is a cross-site scripting (XSS) vulnerability.

Recommendations

For versions 1.1 through 1.2 before 1.2.0.0-CSI-SCALA-IF0003, update to version 1.2.0.0-CSI-SCALA-IF0003 or later to resolve the issue. As a temporary workaround, consider restricting access to the OAuth authorization endpoint to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-00355
CVE-2013-6738

Affected Products

IBM SmartCloud Analytics Log Analysis