IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY Reflected XSS in WebSphereSamISP

Content Collector for Email has addressed the following vulnerability. IBM WebSphere Application Server using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2018-1793

Affected product(s) and affected version(s):

Content Collector for Email v4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738341
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148948

The post IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY Reflected XSS in WebSphereSamISP appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2MT6rD5