Published: 01/02/2017 Updated: 15/02/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm biginsights 4.2

Big Blue's BigInsights has big-ish bugs

The Register • Team Register • 30 Jan 2017

Guests gain XSSive privileges in IBM's Hadoopery

IBM has patched twin cross-site scripting (XSS) vulnerabilities in its Hadoop-probing InfoSphere BigInsights platform. The patches released last week shutter the bugs (CVE-2016-2924, CVE-2016-2992) that could compromise users of the big data analytics software. Fortinet researcher Honggang Ren quietly reported the flaws to Big Blue last year and offered proof-of-concepts how to reproduce the vulnerabilities on unpatched BigInsights installations. The bugs allow guest users to own administrators,...

CVE-2016-2992

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect