Difference between revisions of "Security"

Revision as of 12:56, 29 April 2015

April 2015

Websphere

A security vulnerability in Websphere Application Server (WAS) was announced that affects multiple versions, and allows the remote exploitation of the management interface of WAS, up to and including remote code execution. This may affect IBM Content Manager OnDemand customers using IBM Content Navigator, which uses WAS as a requisite.

http://www-01.ibm.com/support/docview.wss?uid=swg21883573

IBM Content Navigator

There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input

http://www-01.ibm.com/support/docview.wss?uid=swg21700205

Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg21696244

Here's the FixPack announcement:

http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html

@@ Line 1: / Line 1: @@
 == April 2015==
+=== Websphere ===
+A security vulnerability in Websphere Application Server (WAS) was announced that affects multiple versions, and allows the remote exploitation of the management interface of WAS, up to and including remote code execution.  This may affect IBM Content Manager OnDemand customers using IBM Content Navigator, which uses WAS as a requisite.
+http://www-01.ibm.com/support/docview.wss?uid=swg21883573
+----
+=== IBM Content Navigator ===
 There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).

Difference between revisions of "Security"

Revision as of 12:56, 29 April 2015

April 2015

Websphere

IBM Content Navigator

Navigation menu

Search