IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will let attackers to conduct cross-site scripting attacks. Impact Level: Application

Solution

Upgrade to version 6.1.0.41 or 7.0.0.19 or later, For updates refer to http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24031034

Insight

The flaw is due to an error in Installation Verification Test (IVT) application in the Install component, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

IBM WebSphere Application Server (WAS) version 6.1 before 6.1.0.41 IBM WebSphere Application Server (WAS) version 7.0 before 7.0.0.19

References

http://xforce.iss.net/xforce/xfdb/69731

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-1362
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

IBM WebSphere Application Server Hash Collisions DOS Vulnerability
IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability

Take action and discover your vulnerabilities