Medium Severity

Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records

Share this post:

It also is the case that we internally create the text to go into the HTML, not an external entity.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Enterprise Records 5.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6337457

More stories

Security Bulletin: IBM Security Verify Bridge uses a hard-coded key to encrypt the client secret (CVE-2021-20442)

Mar 2, 2021 7:00 pm EST | Medium Severity

The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user gets assigned a unique key. ...read more


Security Bulletin: iOS Vulnerable Minimum OS Version Supported

Mar 2, 2021 7:00 pm EST | Medium Severity

IBM Maximo Anywhere is compatible on running on iOS version previous to iOS 10. ...read more


Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability

Mar 2, 2021 7:00 pm EST | Medium Severity

A cross-site scripting vulnerability was addressed by IBM InfoSphere Information Server. ...read more