IBM Rational Application Developer for WebSphere Software Dojo Toolkit Cross-Site Scripting Vulnerabilities


Description
IBM has acknowledged multiple vulnerabilities in IBM Rational Application Developer for WebSphere Software, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information:
SA62590
The vulnerabilities are reported in versions 8.0 and 8.5.

Vulnerable Products
Vulnerable Software:
IBM Rational Application Developer for WebSphere Software 8.x

Solution
Apply APAR PI40108.

CVE
CVE-2014-8917

References
IBM (PI40108):
http://www.ibm.com/support/docview.wss?uid=swg21883926
http://www.ibm.com/support/docview.wss?uid=swg24039908

Vulnerability Manager Detection
No

IPS Protection
ASQ Engine alarm (Available Since):
XSS - Prevention - GET : javascript code in flash clickTAG parameter (3.2.0)
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter (3.2.0)

Risk level
Low

Vulnerability First Public Report Date
2015-05-08

Target Type
Client

Possible exploit
Remote