Fortinet Discovers IBM InfoSphere BigInsights Cross-Site Scripting Vulnerability II
Summary
Fortinet's FortiGuard Labs has discovered a cross-site scripting vulnerability in IBM InfoSphere BigInsights.
IBM InfoSphere BigInsights is an analytics platform, based on open source Apache Hadoop, for analyzing massive volumes of unconventional data in its native format. The software enables advanced analysis and modeling of diverse data, and supports structured, semi-structured and unstructured content to provide maximum flexibility.
A cross-site scripting vulnerability has been discovered in IBM InfoSphere BigInsights. The vulnerability is caused by improper validation of user-supplied input. It allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: IBM.Infosphere.BigInsights.Editor.XSS
Released Jul 08, 2016
Users should apply the solution provided by IBM.
Additional Information
Fortinet reported the vulnerability to IBM on May 18, 2016.
IBM confirmed the vulnerability on Jun. 28, 2016.
IBM patched the vulnerability on Jan. 23, 2017.