Release date:
Updated on:
Affected Systems:
IBM WebSphere Application Server 8.5.x
Description:
--------------------------------------------------------------------------------
IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in compliance with open standards.
IBM WebSphere Application Server 8.5.x does not properly filter some input passed to the iehs help system before returning it to the user. This can be used to execute arbitrary HTML and script code in the user's browser.
<* Source: vendor
Link: http://secunia.com/advisories/49654/
http://www-304.ibm.com/support/docview.wss?uid=swg24032861
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
IBM has released a Security Bulletin (PM62795) and corresponding patches for this issue:
PM62795: PM62795; 8.5: Code injection security problem in iehs.war
Link: http://www-304.ibm.com/support/docview.wss?uid=swg24032861