IBM.Tivoli.Endpoint.Manager.Web.Reports.ScheduleParam.XSS
Description
This indicates an attack attempt to exploit a Cross Site Scripting vulnerability in IBM Tivoli Endpoint Manager.
The vulnerability is due to insufficient sanitizing of certain HTTP parameters. A remote attacker can exploit this to execute arbitrary script code within the context of the application.
Affected Products
IBM Tivoli Endpoint Manager prior to 8.2 patch 3
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the targeted user.
Recommended Actions
Refer to the vendor's website for suggested workaround.
http://www-01.ibm.com/support/docview.wss?uid=swg21587743
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-10-16 | 13.473 | Sig Added |