Multiple security vulnerabilities in IBM WebSphere Sensor Events

Release date:
Updated on:

Affected Systems:
IBM WebSphere Sensor Events 7.x
Description:
--------------------------------------------------------------------------------
IBM WebSphere Sensor Events is a middleware product platform designed and developed for Sensor solutions.

The IBM WebSphere Sensor Events 7.0 running on AIX (64-bit), Linux, and Windows has multiple vulnerabilities, which can be exploited by malicious users to perform cross-site scripting attacks.

1) directory traversal errors.

2) HTTP Method errors.

3) Some inputs are not correctly verified before being returned to the user.

4) Some inputs in deferredView. jsp are not correctly verified before being returned to the user.

5) some inputs in searchView. jsp are not correctly verified before being returned to the user.

<* Source: vendor

Link: http://secunia.com/advisories/49413/
Http://www-304.ibm.com/support/docview.wss? Uid = swg24032733
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
For this reason, IBM has released a Security Bulletin (4032733) and corresponding patches:

4032733: WebSphere Sensor Events interim fixes-IC83621 and IC83623

Link: http://www-304.ibm.com/support/docview.wss? Uid = swg24032733