Description
A security issue and a vulnerability have been reported in IBM WebSphere Lombardi Edition, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) The application does not properly restrict access to certain services, which can be exploited to gain access to otherwise restricted services by invoking a service using the executeServiceByName URL.
The security issue and vulnerability are reported in versions 7.2.x.