Fortinet Discovers IBM InfoSphere BigInsights Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a cross-site scripting vulnerability in IBM Infosphere BigInsights.
IBM InfoSphere BigInsights is an analytics platform, based on open source Apache Hadoop, for analyzing massive volumes of unconventional data in its native format. The software enables advanced analysis and modeling of diverse data, and supports structured, semi-structured and unstructured content to provide maximum flexibility.
A cross-site scripting vulnerability has been discovered in IBM Infosphere BigInsights. The vulnerability is caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:IBM.Infosphere.BigInsights.Customalerts.XSS
Released Jul 08, 2016
Users should apply the solution provided by IBM.
Additional Information
Fortinet reported the vulnerability to IBM on Apr. 27, 2016.
IBM confirmed the vulnerability on Jun. 20, 2016.
IBM patched the vulnerability on Jan. 23, 2017.