• The Four Hundred
  • IBM Patches Security Flaw in Quickr for i5/OS

    February 26, 2008 Alex Woodie

    IBM has issued a patch for a cross-site scripting security vulnerability in Lotus Quickr for i5/OS, the computer security research and development company Secunia reported last week. The flaw was given a “less critical” rating. Meanwhile, another security flaw in i5/OS reported earlier this month has been partially patched by IBM.

    According to a Secunia advisory published last week, a security vulnerability in Lotus Quickr for i5/OS version 8 can be exploited by hackers to conduct cross-site scripting attacks. The problem is the result of not properly validating certain input before it’s returned to a user when anonymous access is disabled on HTTP ports, Secunia says. As a result, hackers can execute arbitrary HTML or inject malicious code or scripts into the Web pages viewed by others.

    The vulnerability is reported in Lotus Quickr for i5/OS versions prior to 8.0.0.2 Hotfix 11 on Domino version 7.0.2, according to Secunia. The problem is resolved with the application of Hotfix 11 for Lotus Quickr for i5/OS.

    The discovery of the cross-site scripting flaw in Lotus Quickr for i5/OS led to the discovery of another cross-site scripting flaw in Lotus Quickr version 8 and Lotus QuickPlace version 7, according to Secunia. The security firm says an Avnet researcher found a problem with the way the products handle the “OpenDocument” command. The flaw was reported just yesterday, and is currently marked as not patched.

    This is the second reported security flaw in i5/OS or an IBM i5/OS application this month. In early February, IBM reported a flaw in the HTTP Server in i5/OS V5R3 and V5R4 that could lead to cross-site scripting attacks. That flaw was patched for V5R3 by IBM a week and a half ago, according to Secunia, but not for V5R4.

    Lotus Quickr is one of a new class of Web 2.0 applications to make their way to the System i platform. The product, which was launched last June to much IBM fanfare, is designed to allow business users to view, edit, share, and distribute their documents and ideas using Web 2.0-style interfaces, such as blogs, wikis, and RSS feeds, along with their Lotus or Microsoft e-mail.

    RELATED STORIES

    Security Vulnerability Reported in i5/OS

    Lotus Quickr Now Available from IBM




Volume 8, Number 8 -- February 26, 2008
Copyright © 2025 IT Jungle