PT-2020-7217 · IBM · IBM InfoSphere Guardium

Published: 2020-09-01 · Updated: 2020-09-03 · CVE-2012-3341

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Guardium versions 7.0 through 8.2
Description: The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. This could allow an attacker to steal the victim's cookie-based authentication credentials.
Recommendations: For versions 7.0 through 8.2, consider disabling the use of user-supplied input in URLs to minimize the risk of exploitation until a patch is available. Restrict access to sensitive areas of the Web site to prevent potential attackers from stealing cookie-based authentication credentials.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2012-3341

Affected Products

IBM InfoSphere Guardium