• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM Patches WebSphere Portal XSS Vulnerability

    June 7, 2011 Alex Woodie

    Organizations running WebSphere Portal versions 6 and 7 are encouraged to apply an IBM patch to fix a cross-site scripting (XSS) vulnerability that could allow an attacker to run arbitrary HTML and script code in a user’s Web browser. The vulnerability, which was revealed in late May, affects WebSphere Portal 7 running on several operating systems, including IBM i.

    According to IBM’s Internet Security Systems‘ X-Force database, which can be accessed at xforce.iss.net/xforce/xfdb/67594, the XSS vulnerability stems from the failure to properly sanitize user input in the search center component of a WebSphere Portal application. This vulnerability could be exploited by an attacker to execute arbitrary HTML, run a script, or even steal the victim’s cookie-based authentication credentials. X-Force says the exploitability of the vulnerability is “high,” although it contained a “medium” level of complexity.

    The vulnerability was given a “less critical” severity rating by Secunia in its SA44700 advisory. According to Secunia, the vulnerability affects WebSphere Portal version 6 and 7 running on IBM i, AIX, Linux, Solaris, Windows, and z/OS.

    The patch for the XSS vulnerability is contained in the latest Combined Cumulative Fix, CF004, which was released May 23. For more information on CF004, see www-304.ibm.com/support/docview.wss?uid=swg24029452.

    RELATED STORIES

    Hackers Escalate Web Site Attacks, Despite Decline in Security Vulnerabilities

    IBM Patches Security Flaw in Quickr for i5/OS

    Security Vulnerability Reported in i5/OS



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Maxava

    Migrate IBM i with Confidence

    Tired of costly and risky migrations? Maxava Migrate Live minimizes disruption with seamless transitions.

    Upgrading to Power10, Power11, or cloud hosted system, Maxava has you covered!

    Book A Consultation Today

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    Profound Logic Software:  FREE Webinar: RPG Open Access and Rich Display Files. June 9
    SEQUEL Software:  View the recorded Webinar: 10 Ways SEQUEL Makes Developers More Productive
    RJS Software Systems:  Go paperless, automate business process and save money

    IT Jungle Store Top Book Picks

    BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

    The iSeries Express Web Implementer's Guide: List Price, $49.95
    The iSeries Pocket Database Guide: List Price, $59
    The iSeries Pocket SQL Guide: List Price, $59
    The iSeries Pocket WebFacing Primer: List Price, $39
    Migrating to WebSphere Express for iSeries: List Price, $49
    Getting Started with WebSphere Express for iSeries: List Price, $49
    The All-Everything Operating System: List Price, $35
    The Best Joomla! Tutorial Ever!: List Price, $19.95

    IBM Adds SupportLine for Power Systems Blades ILE: Decisions, Decisions, Part 1

    Leave a Reply Cancel reply

Volume 11, Number 20 -- June 7, 2011
THIS ISSUE SPONSORED BY:

ASNA
PowerTech
ManageEngine
Computer Keyes
VAULT400

Table of Contents

  • Zend Server for IBM i 5.1 Introduces New Toolkit
  • Visual LANSA Apps Now Deploy to Mobile Devices
  • Agilysys to Sell Server and Services Biz, Focus on Software
  • Real Vision Delivers iPad App for IBM i Imaging System
  • IBM Patches WebSphere Portal XSS Vulnerability
  • PowerTech’s IBM i Security Conference Slated for September
  • Bytware Releases Japanese Versions of Messaging Products
  • Maintec Launches ‘Graveyard Shift’ Outsourcing Service
  • CCSS Picked by Hospital Serving Mississippi’s ‘Golden Triangle’
  • MyEclipse Blue Edition 9.0 Offers RAD Alternative

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • With Power11, Power Systems “Go To Eleven”
  • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
  • Izzi Buys CNX, Eyes Valence Port To System Z
  • IBM i Shops “Attacking” Security Concerns, Study Shows
  • IBM i PTF Guide, Volume 27, Number 26
  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle