CVE-2010-2433

Name of the Vulnerable Software and Affected Versions IBM WebSphere ILOG JRules version 6.7

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via an RTS URL to specific endpoints, including (1) "explore/explore.jsp", (2) "compose/compose.jsp", or (3) "home.jsp" in "faces/".

Recommendations For IBM WebSphere ILOG JRules version 6.7, consider restricting access to the vulnerable explore.jsp, compose.jsp, and home.jsp endpoints in the "faces/" directory until a patch is available. Avoid using RTS URLs that could lead to the injection of arbitrary web script or HTML. At the moment, there is no information about a newer version that contains a fix for this vulnerability.