Jul 16, 2020 8:01 pm EDT
Categorized: Medium Severity
Share this post:
Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Control Center | 6.1.3.0 |
| IBM Control Center | 6.1.2.1 |
| IBM Control Center | 6.0.0.2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6249995
from IBM Product Security Incident Response Team https://ift.tt/2Wo4Ivu
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.