PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-1121 IBM CVE debrief

CVE-2017-1121 is a medium-severity cross-site scripting flaw in IBM WebSphere Application Server. IBM and NVD describe affected versions as 7.0, 8.0, 8.5, 8.5.5, and 9.0. The issue can let a user embed arbitrary JavaScript in the Web UI, which may alter intended functionality and potentially expose credentials within a trusted session.

Vendor: IBM
Product: IBM WebSphere Application Server (CVE-2017-1121)
CVSS: MEDIUM 5.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

IBM WebSphere Application Server administrators, application owners, and security teams responsible for authenticated Web UI access should review this issue, especially where multiple users interact with administrative or management pages.

Technical summary

NVD classifies the weakness as CWE-79 and lists CVSS v3.0 vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is a web-based XSS condition affecting the IBM WebSphere Application Server Web UI. Because exploitation requires low privileges and user interaction, the practical risk is strongest in authenticated sessions where injected JavaScript could run in a trusted browser context and potentially disclose credentials or manipulate UI behavior.

Defensive priority

Medium. The issue is not marked as KEV in the supplied corpus, but it affects a widely deployed application server and can impact trusted administrative sessions.

Recommended defensive actions

  • Review IBM PSIRT advisory 1997743 and apply the vendor-recommended fix or mitigation for affected WebSphere Application Server versions.
  • Audit Web UI entry points that accept user-supplied content and ensure output encoding, input validation, and context-aware escaping are in place.
  • Limit access to administrative and management interfaces to trusted networks and privileged accounts only.
  • Use the latest supported maintenance level for IBM WebSphere Application Server and verify whether your deployed 7.0, 8.0, 8.5, 8.5.5, or 9.0 instance is affected.
  • Monitor for unexpected script execution or anomalous browser activity in authenticated Web UI sessions.

Evidence notes

The supplied NVD record identifies the affected IBM WebSphere Application Server versions and classifies the issue as CWE-79. The vendor advisory reference (IBM reference 1997743) is the primary remediation source in the corpus. No exploit code or fixed-version details were provided in the supplied material, so remediation guidance is limited to the vendor advisory and general XSS defenses.

Official resources

CVE-2017-1121 was published on 2017-02-13T22:59:00.257Z; the later modified date (2026-05-13T00:24:29.033Z) reflects record updates, not the original vulnerability date.