PT-2018-12437 · Ibm · Ibm Infosphere Information Server

Published

2018-06-05

Updated

2020-08-24

CVE-2018-1432

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions 9.1, 11.3, 11.5, 11.7

Description The issue allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page, enabling Clickjacking attacks for phishing, frame sniffing, social engineering, or Cross-Site Request Forgery attacks.

Recommendations For IBM InfoSphere Information Server versions 9.1, 11.3, 11.5, 11.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-1021

Related Identifiers

CVE-2018-1432

Affected Products

Ibm Infosphere Information Server

PT-2018-12437 · Ibm · Ibm Infosphere Information Server

CVE-2018-1432

Weakness Enumeration

Related Identifiers

Affected Products

References · 5