IBM Rational Software Architect Dojo Toolkit Cross-Site Scripting Vulnerabilities


Description   IBM has acknowledged multiple vulnerabilities in IBM Rational Software Architect and IBM Rational Software Architect for WebSphere Software, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information:
SA62590
The vulnerabilities are reported in versions 8.0 through 8.0.4.2Ifix1 and 8.5 through 8.5.5.3.
     
Vulnerable Products   Vulnerable Software:
IBM Rational Software Architect 8.0.xIBM Rational Software Architect 8.5.x
     
Solution   Apply iFix.Versions 8.0 through 8.0.4.2Ifix1:Apply Rational-dojo141-CVE-2014-8917-ifix. http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Application+Developer+for+WebSphere+Software&release=8.0.4.3&platform=All&function=fixId&fixids=Rational-dojo141-CVE-2014-8917-ifix&includeSupersedes=0Versions 8.5 through 8.5.5.3:Apply Rational-dojo15-CVE-2014-8917-ifix. http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Application+Developer+for+WebSphere+Software&release=8.0.4.3&platform=All&function=fixId&fixids=Rational-dojo15-CVE-2014-8917-ifix&includeSupersedes=0
     
CVE   CVE-2014-8917
     
References   IBM:
http://www.ibm.com/support/docview.wss?uid=swg21883988
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : javascript code in flash clickTAG parameter
3.2.0
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2015-05-07 

 Target Type 
Client 

 Possible exploit 
Remote