InfoSphere Master Data Management Collaboration Server

by Carol~ Moderator - 2/11/13 7:24 AM

In Reply to: VULNERABILITIES / FIXES - February 11. 2013 by Carol~ Moderator

InfoSphere Master Data Management Collaboration Server Multiple Vulnerabilities

Release Date : 2013-02-11

Criticality level : Less critical
Impact : Cross Site Scripting, Spoofing
Where : From remote
Solution Status : Vendor Patch

Software:
InfoSphere Master Data Management Collaboration Server 10.x
InfoSphere Master Data Management Collaboration Server 6.x
InfoSphere Master Data Management Collaboration Server 9.x

Description:
Some weaknesses and a vulnerability have been reported in InfoSphere Master Data Management Collaboration Server, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) Certain unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

The weaknesses and vulnerability are reported in versions 6.0, 9.0, 9.1, 10.0, and 10.1.

Solution:
Apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21624952

http://secunia.com/advisories/52140/