Difference between revisions of "Security"
(Added Websphere vulnerability.) |
(Added IBM CMOD Security Bulletin) |
||
| Line 1: | Line 1: | ||
=IBM CMOD Security= | |||
== April 2018== | |||
April 27th, 2018 - IBM CMOD Security Bulletin - [http://www.ibm.com/support/docview.wss?uid=swg22014722 IBM CMOD Security Bulletin] [http://www.odusergroup.org/forums/index.php?topic=2489.0 ODUG Forum Discussion] | |||
== April 2015== | == April 2015== | ||
Revision as of 22:15, 13 December 2019
IBM CMOD Security
April 2018
April 27th, 2018 - IBM CMOD Security Bulletin - IBM CMOD Security Bulletin ODUG Forum Discussion
April 2015
Websphere
A security vulnerability in Websphere Application Server (WAS) was announced that affects multiple versions, and allows the remote exploitation of the management interface of WAS, up to and including remote code execution. This may affect IBM Content Manager OnDemand customers using IBM Content Navigator, which uses WAS as a requisite.
http://www-01.ibm.com/support/docview.wss?uid=swg21883573
There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).
Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input
http://www-01.ibm.com/support/docview.wss?uid=swg21700205
Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21696244
Here's the FixPack announcement:
http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html