U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities

June 8, 2012 - 7:00am

PROBLEM:

Multiple vulnerabilities have been reported in IBM WebSphere Sensor Events.

PLATFORM:

IBM WebSphere Sensor Events 7.x

ABSTRACT:

Some vulnerabilities have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

Reference Links:

Secunia ID 49413
No CVE references.
Vendor URL

IMPACT ASSESSMENT:

Medium

Discussion:

1) An unspecified error exists related to directory traversal. No further information is currently available.

2) An unspecified error exists related to HTTP methods. No further information is currently available.

3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

4) Certain unspecified input is not properly sanitised in deferredView.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

5) Certain unspecified input is not properly sanitised in searchView.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerabilities are reported in version 7.0 running on AIX (64-bit), Linux, and Windows.

Solution:

Install interim fixes IC83621 and IC83623.
