PROBLEM:
Attachmate Reflection Products Java Multiple Vulnerabilities
PLATFORM:
Reflection X 2011
Reflection Suite for X 2011
Reflection for Secure IT Server for Windows
Reflection for Secure IT Client and Server for UNIX
ABSTRACT:
Security issues related to Reflection PKI Services Manager
REFERENCE LINKS:
PKI Services Manager Technical Note 2560
Secunia Advisory SA51256
CVE-2012-0551
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1720
CVE-2012-1721
CVE-2012-1722
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
CVE-2012-1726
IMPACT ASSESSMENT:
High
DISCUSSION:
Attachmate has acknowledged multiple vulnerabilities in some Reflection products, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
IMPACT:
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
DoS
System access from remote
SOLUTION: