Flashes (Alerts)
Abstract
Multiple vulnerabilities in several files allow remote attackers to inject arbitrary web script or HTML.
Content
VULNERABILITY DETAILS:
CVE ID: CVE-2012-3341
DESCRIPTION:
Cross-site scripting issues. More XSS filters are needed. Two new CLI commands are also introduced.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78294 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier
REMEDIATION:
Apply the patch for password disclosure which is available within the latest GPU for all versions.
As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.
These CLI commands are then available:
Store command
Use this CLI command to enable or disable the Cross-Site Scripting (XSS) status. This option is enabled by default on upgraded systems.
Syntax
store gui xss_status [ on | off ]
Show command
show gui xss_status
REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312
RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog
Document Information
Modified date:
25 September 2022
UID
swg21611131