Announcement Announcement Module
Collapse
No announcement yet.
Multiple Cross-site scripting vulnerabilities in IBM Tivoli NetCool OMNIbus WebGUI Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple Cross-site scripting vulnerabilities in IBM Tivoli NetCool OMNIbus WebGUI

    Multiple Cross-site scripting vulnerabilities in IBM Tivoli NetCool OMNIbus WebGUI


    Severity Rating: Medium

    Systems Affected

    • IBM Tivoli Netcool/OMNIbus_GUI 7.4 .0 before Fix Pack 2


    Overview

    Multiple vulnerabilities have been reported in IBM Tivoli NetCool OMNIbus WebGUI which could be exploited by remote attacker to steal cookie-based authentication credentials.

    Description

    Cross-site scripting vulnerabilities exist in web GUI URLs webtop/eventviewer/eventViewer.jsp due to improper validation ofuser-supplied input which could allow remote attacker to inject arbitrary web script or HTML by enticing the victim to visit specially crafted URL.
    Successful exploitation of these vulnerabilities could lead to disclosure of cookie-based authentication credentials which may allow manipulation of certain data.



    Solution
    Apply appropriate patches as mentioned in the IBM Security Bulletin
    http://www-01.ibm.com/support/docvie...id=swg21671686

    Vendor Information
    IBM
    http://www-01.ibm.com/support/docvie...id=swg21671686
    http://www-01.ibm.com/support/docvie...id=swg24035243

    References
    XForce
    http://xforce.iss.net/xforce/xfdb/92401
    http://xforce.iss.net/xforce/xfdb/92400
Tag Cloud Tag Cloud Module
Collapse
Working...
X