Vulnerabilities > CVE-2018-1432 - Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ibm

CWE-1021

nessus

NVD

Published: 2018-06-05

Updated: 2020-08-24

Summary

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Infosphere Information Server 9.1 IBM Infosphere Information Server 11.3 IBM Infosphere Information Server 11.5 IBM Infosphere Information Server 11.7	4

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Nessus

NASL family	CGI abuses
NASL id	IBM_IGC_JUN_2018.NASL
description	The version of IBM InfoSphere Information Governance Catalog installed is less than 11.3.1.2 / 11.7.0.1 or 11.5.x.x and is therefore affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	110416
published	2018-06-08
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110416
title	IBM InfoSphere IGC Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References