PT-2012-3845 · Ibm · Ibm Spss Data Collection Developer Library+2
Publicado
2012-06-20
·
Atualizado
2017-08-29
·
CVE-2012-2161
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Eclipse Help System (IEHS) versions 7.x through 8.5
IBM Security AppScan Source versions 7.x through 8.5
IBM SPSS Data Collection Developer Library versions 6.0 through 6.0.1
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This affects the deferredView.jsp file in the IBM Eclipse Help System.
Recommendations
For IBM Eclipse Help System (IEHS) versions 7.x through 8.5, update to version 8.6 or later.
For IBM Security AppScan Source versions 7.x through 8.5, update to version 8.6 or later.
For IBM SPSS Data Collection Developer Library versions 6.0 through 6.0.1, consider disabling access to the deferredView.jsp file until a patch is available.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Eclipse Help System
Ibm Spss Data Collection Developer Library
Ibm Security Appscan Source