PT-2012-3845 · Ibm · Ibm Spss Data Collection Developer Library+2
Published
2012-06-20
·
Updated
2017-08-29
·
CVE-2012-2161
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Eclipse Help System (IEHS) versions 7.x through 8.5
IBM Security AppScan Source versions 7.x through 8.5
IBM SPSS Data Collection Developer Library versions 6.0 through 6.0.1
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This affects the deferredView.jsp file in the IBM Eclipse Help System.
Recommendations
For IBM Eclipse Help System (IEHS) versions 7.x through 8.5, update to version 8.6 or later.
For IBM Security AppScan Source versions 7.x through 8.5, update to version 8.6 or later.
For IBM SPSS Data Collection Developer Library versions 6.0 through 6.0.1, consider disabling access to the deferredView.jsp file until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Eclipse Help System
Ibm Spss Data Collection Developer Library
Ibm Security Appscan Source