IBM WebSphere Sensor Events Multiple Vulnerabilities
Last Update Date:
8 Jun 2012 10:04
Release Date:
8 Jun 2012
5662
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities have been identfied in IBM WebSphere Sensor Events, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.
- An unspecified error exists related to directory traversal.
- An unspecified error exists related to HTTP methods.
- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
- Certain unspecified input is not properly sanitised in deferredView.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
- Certain unspecified input is not properly sanitised in searchView.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact
- Cross-Site Scripting
- Information Disclosure
System / Technologies affected
- IBM WebSphere Sensor Events 7.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Install interim fixes IC83621 and IC83623.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with