Vulnerabilities > CVE-2018-1432 - Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CGI abuses |
NASL id | IBM_IGC_JUN_2018.NASL |
description | The version of IBM InfoSphere Information Governance Catalog installed is less than 11.3.1.2 / 11.7.0.1 or 11.5.x.x and is therefore affected by multiple vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 110416 |
published | 2018-06-08 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/110416 |
title | IBM InfoSphere IGC Multiple Vulnerabilities |
References
- http://www.ibm.com/support/docview.wss?uid=swg22014911
- http://www.ibm.com/support/docview.wss?uid=swg22014911
- http://www.securitytracker.com/id/1041039
- http://www.securitytracker.com/id/1041039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/139360
- https://exchange.xforce.ibmcloud.com/vulnerabilities/139360