Release date: 2011-09-07
Updated on: 2011-09-07
Affected Systems:
IBM OpenAdmin Tool for Informix 2.x
Description:
--------------------------------------------------------------------------------
IBM OpenAdmin Tool (OAT) for Informix is a Web application for managing and analyzing IBM Informix database servers.
IBM OpenAdmin Tool (OAT) for Informix has multiple cross-site scripting vulnerabilities, which remote attackers can exploit to carry out cross-site scripting attacks.
Input passed to index.php via the "informixserver", "host", and "port" parameters is not properly filtered before being returned to the user, and can be used to execute arbitrary HTML and script code in the browser of a user of the affected site.
<* Source: Sumit Kumar Soni
Link: http://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html
*>
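The class of fix for the flaw described above, as an added example (it is not code from OpenAdmin Tool or from the vendor patch): allow-list validation of the three parameters followed by HTML encoding at output. The function names, validation rules and sample request are assumptions; only the parameter names come from the advisory.

```php
<?php
// Added example: hypothetical handler, not OpenAdmin Tool source code.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow-list validation: each entry is the accepted value, or null if rejected. */
function validate_connection_params(array $in): array
{
    // Array-valued parameters (host[]=...) are treated as empty, then rejected.
    $server = is_string($in['informixserver'] ?? null) ? $in['informixserver'] : '';
    $host   = is_string($in['host'] ?? null) ? $in['host'] : '';
    $isHost = $host !== ''
        && (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false
            || filter_var($host, FILTER_VALIDATE_IP) !== false);
    $port = filter_var($in['port'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);

    return [
        // Assumed naming rule: a letter, then letters, digits or underscores.
        'informixserver' => preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,127}\z/', $server) === 1
            ? $server : null,
        'host' => $isHost ? $host : null,
        'port' => $port !== false ? $port : null,
    ];
}

// Constructed sample request; the markup characters stand in for hostile input.
$request = ['informixserver' => 'ol_demo',
            'host' => 'db1.example.test"><b>x</b>',
            'port' => '9088'];
$clean = validate_connection_params($request);

foreach ($clean as $name => $value) {
    if ($value === null) {
        // A rejected value is echoed back only after encoding.
        $raw = is_scalar($request[$name] ?? null) ? (string) $request[$name] : '';
        printf("<p class=\"error\">Invalid %s: %s</p>\n", h($name), h($raw));
    } else {
        printf("<input name=\"%s\" value=\"%s\">\n", h($name), h((string) $value));
    }
}
```

Encoding at the point of output is the control that closes the reflection; the validation step only narrows what reaches the database connection logic.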
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/