Security

From CMOD.wiki
Revision as of 12:56, 29 April 2015 by Jderrick (talk | contribs) (Added Websphere vulnerability.)
Jump to navigation Jump to search

April 2015

Websphere

A security vulnerability in Websphere Application Server (WAS) was announced that affects multiple versions, and allows the remote exploitation of the management interface of WAS, up to and including remote code execution. This may affect IBM Content Manager OnDemand customers using IBM Content Navigator, which uses WAS as a requisite.

http://www-01.ibm.com/support/docview.wss?uid=swg21883573

IBM Content Navigator

There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input

http://www-01.ibm.com/support/docview.wss?uid=swg21700205

Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg21696244

Here's the FixPack announcement:

http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html


Retrieved from "https://CMOD.wiki/index.php?title=Security&oldid=173"