IBM Patches WebSphere Portal XSS Vulnerability

    June 7, 2011 Alex Woodie

    Organizations running WebSphere Portal versions 6 and 7 are encouraged to apply an IBM patch to fix a cross-site scripting (XSS) vulnerability that could allow an attacker to run arbitrary HTML and script code in a user’s Web browser. The vulnerability, which was revealed in late May, affects WebSphere Portal 7 running on several operating systems, including IBM i.

    According to IBM’s Internet Security Systems’ X-Force database, which can be accessed at xforce.iss.net/xforce/xfdb/67594, the XSS vulnerability stems from a failure to properly sanitize user input in the search center component of a WebSphere Portal application. An attacker could exploit it to execute arbitrary HTML, run a script, or even steal the victim’s cookie-based authentication credentials. X-Force rates the exploitability of the vulnerability as “high,” although it carries a “medium” level of complexity.
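    As an added illustration (not code from IBM, the portal, or the article), the bug class above in miniature, written in Python rather than the portal's Java: a search handler that echoes the query back into HTML, its escaped counterpart, a check that flags unescaped reflection of markup, and a session cookie header carrying the HttpOnly flag so an injected script cannot read it. The `q` parameter, the cookie name and the sample query string are assumptions constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed sample query (not from the advisory): a search term carrying a
# script tag, the kind of input the search component failed to sanitize.
SAMPLE_QUERY_STRING = "q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def parse_search_term(query_string):
    """Extract the search term from a URL query string (hypothetical 'q' parameter)."""
    return parse_qs(query_string).get("q", [""])[0]


def render_results_vulnerable(term):
    """Echo the raw term into the page: the reflected-XSS defect described above."""
    return f"<h2>Results for: {term}</h2>"


def render_results_fixed(term):
    """Escape the term for an HTML text context before echoing it back."""
    safe = html.escape(term, quote=True)
    return f"<h2>Results for: {safe}</h2>"


def reflects_unescaped_markup(term, page_html):
    """Detection check: the term contains markup-significant characters and
    appears verbatim (unescaped) in the rendered page."""
    has_markup = any(c in term for c in "<>\"'")
    return has_markup and term in page_html


def secure_cookie_header(name, value):
    """Session cookie with Secure and HttpOnly flags; HttpOnly keeps the cookie
    out of document.cookie, limiting credential theft if a script does land."""
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    term = parse_search_term(SAMPLE_QUERY_STRING)
    print("vulnerable:", render_results_vulnerable(term))
    print("fixed:     ", render_results_fixed(term))
    print("reflected unescaped (vulnerable):",
          reflects_unescaped_markup(term, render_results_vulnerable(term)))
    print("reflected unescaped (fixed):     ",
          reflects_unescaped_markup(term, render_results_fixed(term)))
    print(secure_cookie_header("SESSIONID", "example-session-value"))
```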

    The vulnerability was given a “less critical” severity rating by Secunia in its SA44700 advisory. According to Secunia, the vulnerability affects WebSphere Portal version 6 and 7 running on IBM i, AIX, Linux, Solaris, Windows, and z/OS.

    The patch for the XSS vulnerability is contained in the latest Combined Cumulative Fix, CF004, which was released May 23. For more information on CF004, see www-304.ibm.com/support/docview.wss?uid=swg24029452.

    RELATED STORIES

    Hackers Escalate Web Site Attacks, Despite Decline in Security Vulnerabilities

    IBM Patches Security Flaw in Quickr for i5/OS

    Security Vulnerability Reported in i5/OS

Volume 11, Number 20 -- June 7, 2011