CVE-2009-4052

Name of the Vulnerable Software and Affected Versions IBM Rational Application Developer for WebSphere Software versions prior to 7.0.0.10 IBM Rational Software Architect versions prior to 7.0.0.10

Description The issue involves multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific vectors, including the JSF Tree Control and the JavaScript Resource Servlet.

Recommendations For IBM Rational Application Developer for WebSphere Software versions prior to 7.0.0.10, update to version 7.0.0.10 or later. For IBM Rational Software Architect versions prior to 7.0.0.10, update to version 7.0.0.10 or later.