Release date:
Updated on:
Affected Systems:
IBM WebSphere Application Server 8.x
IBM WebSphere Application Server 7.x
IBM WebSphere Application Server 6.x
Unaffected Systems:
IBM WebSphere Application Server 8.0.0.4
IBM WebSphere Application Server 6.1.0.45
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55149
CVE ID: CVE-2012-3293
IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in compliance with open standards.
A cross-site scripting (XSS) vulnerability exists in the management console of IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1. Remote attackers can inject arbitrary web script or HTML through a FRAME element, a cross-frame scripting (XFS) issue.
<* Source: vendor *>
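An added triage example (not part of the vendor advisory): it classifies WAS versions from an inventory against the fix levels named in this advisory, comparing numerically so that 8.0.0.10 is not mistaken for older than 8.0.0.4. The inventory format, host names and function names are assumptions made for illustration.

```python
import re

# Fix level per release branch, taken from the versions named in this advisory.
FIXED = {
    (6, 1): (6, 1, 0, 45),
    (7, 0): (7, 0, 0, 25),
    (8, 0): (8, 0, 0, 4),
    (8, 5): (8, 5, 0, 1),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a WAS version string."""
    m = VERSION_RE.search(version)
    if not m:
        return "unknown"  # malformed or truncated version string
    v = tuple(int(p) for p in m.groups())
    fix = FIXED.get(v[:2])
    if fix is None:
        return "unknown"  # branch has no fix level listed in the advisory
    # Tuple comparison is numeric per component, unlike string comparison.
    return "affected" if v < fix else "fixed"

def triage(inventory_lines):
    """Map 'host version' lines (hypothetical format) to {host: status}."""
    result = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(" ")
        result[host] = classify(version)
    return result

# Constructed sample inventory; hosts and versions are made up.
SAMPLE = """\
# host version
was-admin-01 7.0.0.23
was-admin-02 7.0.0.25
was-admin-03 8.5.0.0
was-admin-04 6.1.0.45
was-admin-05 8.0.0.10
was-admin-06 9.0
""".splitlines()

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" need a manual check against the vendor bulletin rather than being treated as safe.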
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/