
Cross-site scripting vulnerability in IBM WebSphere Application Server

 

Systems Affected


WebSphere Application Server 8.5.5 Liberty Profile

Threat Level


Medium


Overview


A cross-site scripting vulnerability has been reported in IBM WebSphere Application Server which could allow a remote attacker to execute arbitrary code in the target user's browser.


Description


This vulnerability exists in the OpenID Connect (OIDC) client web application due to improper validation of user-supplied input.

A remote attacker could exploit this vulnerability using a specially crafted URL to execute arbitrary code in the target user's browser within the security context of the hosting website. This could lead to disclosure of information such as cookie-based authentication credentials.


Impact



Solution/Workarounds


Apply the appropriate patches as mentioned in the IBM Security Bulletin:
http://www-304.ibm.com/support/docview.wss?uid=swg21978293


References


http://www.cert-in.org.in/



© Copyright Sri Lanka CERT|CC. All Rights Reserved.