IBM Lotus Notes Web application input verification Cross-Site Scripting Vulnerability

Release date:
Updated on:

Affected Systems:
IBM Lotus Notes 8.5.3 Fix Pack 2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56944
CVE (CAN) ID: CVE-2012-4846

IBM Lotus Notes is a desktop client that provides users with single-point access, helping them create, query, and share knowledge, collaborate with teams, and take appropriate actions.

The cross-site scripting vulnerability exists when IBM Lotus Notes 8.5.3 Fix Pack 2 and earlier versions do not properly filter user input when accessing Web applications. Attackers can exploit this vulnerability to read or set cookie values and execute arbitrary script code in the target browser.

<* Source: vendor

Link: http://securitytracker.com/id/1027887
Http://osvdb.org/88429
Http://secunia.com/advisories/51593/
Http://www-01.ibm.com/support/docview.wss? Uid = swg21619604
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
For this reason, IBM has released a Security Bulletin (swg21619604) and corresponding patches:

Swg21619604: Security Bulletin: IBM Lotus Notes Web application vulnerability (CVE-2012-4846)

Link: http://www-01.ibm.com/support/docview.wss? Uid = swg21619604

Patch download: http://www.ibm.com/support/docview.wss? Uid = swg24032242