CVE-2010-0714

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 5.1.0.0 through 5.1.0.5 IBM WebSphere Portal versions 6.0.0.0 through 6.0.0.4 IBM WebSphere Portal versions 6.0.1.0 through 6.0.1.7 IBM WebSphere Portal versions 6.1.0.0 through 6.1.0.3 IBM WebSphere Portal version 6.1.5.0 IBM Lotus Web Content Management (WCM) versions 5.1.0.0 through 5.1.0.5 IBM Lotus Web Content Management (WCM) versions 6.0.0.0 through 6.0.0.4 IBM Lotus Web Content Management (WCM) versions 6.0.1.0 through 6.0.1.7 IBM Lotus Web Content Management (WCM) versions 6.1.0.0 through 6.1.0.3 IBM Lotus Web Content Management (WCM) version 6.1.5.0 IBM Lotus Workplace Web Content Management versions 5.1.0.0 through 5.1.0.5 IBM Lotus Workplace Web Content Management versions 6.0.0.0 through 6.0.0.4 IBM Lotus Workplace Web Content Management versions 6.0.1.0 through 6.0.1.7 IBM Lotus Workplace Web Content Management versions 6.1.0.0 through 6.1.0.3 IBM Lotus Workplace Web Content Management version 6.1.5.0 IBM Lotus Quickr services version 8.0 IBM Lotus Quickr services version 8.0.0.2 IBM Lotus Quickr services version 8.1 IBM Lotus Quickr services version 8.1.1 IBM Lotus Quickr services version 8.1.1.1

Description A cross-site scripting (XSS) issue exists in the login.jsp file of the affected software, allowing remote attackers to inject arbitrary web script or HTML via the query string. This could potentially lead to unauthorized actions on the affected system.

Recommendations For IBM WebSphere Portal versions 5.1.0.0 through 5.1.0.5, update to a version outside of this range. For IBM WebSphere Portal versions 6.0.0.0 through 6.0.0.4, update to a version outside of this range. For IBM WebSphere Portal versions 6.0.1.0 through 6.0.1.7, update to a version outside of this range. For IBM WebSphere Portal versions 6.1.0.0 through 6.1.0.3, update to a version outside of this range. For IBM WebSphere Portal version 6.1.5.0, update to a version outside of this range. For IBM Lotus Web Content Management (WCM) versions 5.1.0.0 through 5.1.0.5, update to a version outside of this range. For IBM Lotus Web Content Management (WCM) versions 6.0.0.0 through 6.0.0.4, update to a version outside of this range. For IBM Lotus Web Content Management (WCM) versions 6.0.1.0 through 6.0.1.7, update to a version outside of this range. For IBM Lotus Web Content Management (WCM) versions 6.1.0.0 through 6.1.0.3, update to a version outside of this range. For IBM Lotus Web Content Management (WCM) version 6.1.5.0, update to a version outside of this range. For IBM Lotus Workplace Web Content Management versions 5.1.0.0 through 5.1.0.5, update to a version outside of this range. For IBM Lotus Workplace Web Content Management versions 6.0.0.0 through 6.0.0.4, update to a version outside of this range. For IBM Lotus Workplace Web Content Management versions 6.0.1.0 through 6.0.1.7, update to a version outside of this range. For IBM Lotus Workplace Web Content Management versions 6.1.0.0 through 6.1.0.3, update to a version outside of this range. For IBM Lotus Workplace Web Content Management version 6.1.5.0, update to a version outside of this range. For IBM Lotus Quickr services version 8.0, update to a version outside of this range. For IBM Lotus Quickr services version 8.0.0.2, update to a version outside of this range. For IBM Lotus Quickr services version 8.1, update to a version outside of this range. For IBM Lotus Quickr services version 8.1.1, update to a version outside of this range. For IBM Lotus Quickr services version 8.1.1.1, update to a version outside of this range. As a temporary workaround, consider restricting access to the login.jsp file until a patch is available.