IBM eDiscovery Manager Dojo Toolkit Cross-Site Scripting Vulnerabilities


Description   IBM has acknowledged multiple vulnerabilities in IBM eDiscovery Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information:
SA62590
The vulnerabilities are reported in versions 2.1, 2.1.1, 2.2, 2.2.1, and 2.2.2 running on AIX, Windows 2008 server, and Windows 2012 server.
     
Vulnerable Products   Vulnerable Software:
IBM eDiscovery Manager 2.x
     
Solution   Apply fix (please see the vendor's advisory for details).
     
CVE   CVE-2014-8917
     
References   http://www.ibm.com/support/docview.wss?uid=swg21694670
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm (Available Since):
XSS - Prevention - GET : javascript code in flash clickTAG parameter (3.2.0)
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter (3.2.0)

Risk level   Low

Vulnerability First Public Report Date   2015-05-07

Target Type   Client

Possible exploit   Remote