CVE-2018-1432

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.
References
Configurations

Configuration 1

cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

Information

Published : 2018-06-05 03:29

Updated : 2020-08-24 05:37


NVD link : CVE-2018-1432

Mitre link : CVE-2018-1432

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames

CWE-352