Published: 01/02/2017 Updated: 15/02/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm biginsights 4.2

Big Blue's BigInsights has big-ish bugs

The Register • Team Register • 30 Jan 2017

Guests gain XSSive privileges in IBM's Hadoopery

IBM has patched twin cross-site scripting (XSS) vulnerabilities in its Hadoop-probing InfoSphere BigInsights platform. The patches released last week shutter the bugs (CVE-2016-2924, CVE-2016-2992) that could compromise users of the big data analytics software. Fortinet researcher Honggang Ren quietly reported the flaws to Big Blue last year and offered proof-of-concepts how to reproduce the vulnerabilities on unpatched BigInsights installations. The bugs allow guest users to own administrators,...

CVE-2016-2924

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect