IBM Social Media Analytics Multiple Cross-Site Scripting Vulnerabilities


Description   Multiple vulnerabilities have been reported in IBM Social Media Analytics, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain input passed to dojox/form/resources/upload.swf, dojox/form/resources/fileupload.swf, dojox/av/resources/audio.swf, and dojox/av/resources/video.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in versions prior to 1.3 IF11.
     
Vulnerable Products   Vulnerable Software:
IBM Social Media Analytics 1.x
     
Solution   Update to version 1.3 IF11.
     
CVE   CVE-2014-8917
     
References   IBM:
http://www.ibm.com/support/docview.wss?uid=swg21694693
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : javascript code in flash clickTAG parameter
3.2.0
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2015-01-23 

 Target Type 
Server 

 Possible exploit 
Remote