PT-2016-6746 · Ibm · Ibm Filenet Workplace
Roshan Thomas
·
Publicado
2016-11-25
·
Atualizado
2016-11-28
·
CVE-2016-5981
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM FileNet Workplace XT versions 1.1.5.2-WPXT-LA011 and earlier
IBM FileNet Workplace (Application Engine) versions 4.0.2.14-P8AE-IF001 and earlier
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This occurs when the RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allowing remote attackers to inject arbitrary web script or HTML.
Recommendations
For IBM FileNet Workplace XT versions 1.1.5.2-WPXT-LA011 and earlier, ensure proper configuration of RegExpSecurityFilter and ScriptSecurityFilter to prevent XSS attacks.
For IBM FileNet Workplace (Application Engine) versions 4.0.2.14-P8AE-IF001 and earlier, ensure proper configuration of RegExpSecurityFilter and ScriptSecurityFilter to prevent XSS attacks.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Filenet Workplace