CVE-2018-3823
Description
X-Pack Machine Learning as used by Junos Space Security Director is unaffected by this issue and resolved in investigation. X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.202
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2018-3823) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234