Release date:
Updated on:
Affected Systems:
IBM Websphere Application Server <8.0.0.4
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54819
IBM WebSphere Application Server (WAS) is an Application Server developed and released by IBM in compliance with open standards.
Some inputs in the IBM WebSphere Application Server Version Management Console earlier than 8.0.0.4 are returned to the user if they are not properly filtered. attackers can execute arbitrary HTML and script code in the user browser of the affected site.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://secunia.com/advisories/50180/
Http://www-01.ibm.com/support/docview.wss? Uid = swg27022958
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ers.ibm.com/