Security

From CMOD.wiki

Revision as of 18:07, 20 August 2024 by Jderrick (talk | contribs) (Updated link to the OnDemand User Group.)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

IBM CMOD Security

April 2018

April 27th, 2018 - IBM CMOD Security Bulletin - IBM CMOD Security Bulletin ODUG Forum Discussion

April 2015

Websphere

A security vulnerability in Websphere Application Server (WAS) was announced that affects multiple versions, and allows the remote exploitation of the management interface of WAS, up to and including remote code execution. This may affect IBM Content Manager OnDemand customers using IBM Content Navigator, which uses WAS as a requisite.

http://www-01.ibm.com/support/docview.wss?uid=swg21883573

IBM Content Navigator

There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input

http://www-01.ibm.com/support/docview.wss?uid=swg21700205

Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg21696244

Here's the FixPack announcement:

http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html

Retrieved from "https://CMOD.wiki/index.php?title=Security&oldid=1120"