IBM Patches WebSphere Portal XSS Vulnerability

    June 7, 2011 Alex Woodie

    Organizations running WebSphere Portal versions 6 and 7 are encouraged to apply an IBM patch to fix a cross-site scripting (XSS) vulnerability that could allow an attacker to run arbitrary HTML and script code in a user’s Web browser. The vulnerability, which was revealed in late May, affects WebSphere Portal 7 running on several operating systems, including IBM i.

    According to IBM's Internet Security Systems' X-Force database, which can be accessed at xforce.iss.net/xforce/xfdb/67594, the XSS vulnerability stems from the failure to properly sanitize user input in the search center component of a WebSphere Portal application. An attacker could exploit it to execute arbitrary HTML, run a script, or even steal the victim's cookie-based authentication credentials. X-Force rates the exploitability of the vulnerability as "high," with a "medium" level of complexity.
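    To show the defect class the advisory describes, here is an added illustration (not IBM or WebSphere Portal code): a toy search-results renderer that echoes the user's search term into the page unencoded, beside a hardened version that encodes every untrusted value for the context it lands in, plus the HttpOnly cookie setting that limits the credential-theft impact. The function names, the sample search term and the JSESSIONID cookie name are assumptions for the example.

```python
# Added illustration (not IBM/WebSphere Portal code): reflected XSS in a
# search-results page, vulnerable form beside a hardened form.
import html
from urllib.parse import quote

# Constructed sample input standing in for a user-supplied search term.
SAMPLE_TERM = '<script>alert(1)</script>'


def render_results_vulnerable(term: str, hits: list) -> str:
    """Echoes the raw search term into the HTML: the defect class in the advisory."""
    items = "".join(f"<li>{h}</li>" for h in hits)
    return f"<h2>Results for {term}</h2><ul>{items}</ul>"


def render_results_hardened(term: str, hits: list) -> str:
    """Encodes each untrusted value for its output context (element body vs URL)."""
    safe_term = html.escape(term, quote=True)            # HTML element/attribute context
    items = "".join(f"<li>{html.escape(h, quote=True)}</li>" for h in hits)
    next_link = f"/search?q={quote(term, safe='')}"      # URL query-parameter context
    return (f"<h2>Results for {safe_term}</h2><ul>{items}</ul>"
            f'<a href="{next_link}">more</a>')


def contains_raw_markup(page: str, term: str) -> bool:
    """Test oracle: does the untrusted term survive verbatim as live markup?"""
    return term in page


def session_cookie_header(session_id: str) -> str:
    """Defensive companion: HttpOnly keeps page script from reading the session
    cookie, so a successful XSS cannot simply exfiltrate it (assumed cookie name)."""
    return f"Set-Cookie: JSESSIONID={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    hits = ["Order status", "Expense report"]
    print(render_results_vulnerable(SAMPLE_TERM, hits))   # payload lands as live markup
    print(render_results_hardened(SAMPLE_TERM, hits))     # payload rendered as text
    print(session_cookie_header("constructed-session-id"))
```

Running the block prints the two renderings side by side; only the vulnerable one contains the probe as a live <script> element.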

    The vulnerability was given a “less critical” severity rating by Secunia in its SA44700 advisory. According to Secunia, the vulnerability affects WebSphere Portal version 6 and 7 running on IBM i, AIX, Linux, Solaris, Windows, and z/OS.

    The patch for the XSS vulnerability is contained in the latest Combined Cumulative Fix, CF004, which was released May 23. For more information on CF004, see www-304.ibm.com/support/docview.wss?uid=swg24029452.

    RELATED STORIES

    Hackers Escalate Web Site Attacks, Despite Decline in Security Vulnerabilities

    IBM Patches Security Flaw in Quickr for i5/OS

    Security Vulnerability Reported in i5/OS


Volume 11, Number 20 -- June 7, 2011