IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to a Cross-Frame scripting issue (CVE-2018-1432)

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.

CVE(s): CVE-2018-1432

Affected product(s) and affected version(s):

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Analyzer: versions 11.5, and 11.7
IBM InfoSphere Information Governance Catalog: versions 11.3, 11.5, and 11.7
IBM Information Server Governance Monitor: versions 11.5, and 11.7
IBM InfoSphere Data Click: versions 11.3, 11.5, and 11.7
IBM InfoSphere Metadata Asset Manager: versions 11.3, 11.5, and 11.7
IBM InfoSphere Data Quality Exception Console: versions 11.5, and 11.7
IBM InfoSphere Data Quality Console: version 11.3
IBM InfoSphere Information Server Business Glossary: version 9.1
IBM InfoSphere Information Server Metadata Workbench: version 9.1
IBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22014911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139360

The post IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to a Cross-Frame scripting issue (CVE-2018-1432) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2soVEaW