A “Clickjacking” security vulnerability affects the IBM Content Navigator toolkit, which is used by the Administration Console for Content Engine (ACCE) tool. This tool is packaged with both the FileNet Content Manager and IBM Content Foundation products. The Administration Console for Content Platform Engine (ACCE) application URL can be opened within a frame in a web page. In this context, the containing parent frame can record user input to the contained frame, capturing sensitive information such as login credentials. The attack requires that a user be tricked into opening a page provided by an attacker.
CVE(s): CVE-2013-5462
Affected product(s) and affected version(s):
FileNet Content Manager 5.2.0
IBM Content Foundation 5.2.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jeJZ6P
X-Force Database: http://ift.tt/2k3kDxm
from IBM Product Security Incident Response Team http://ift.tt/2jeH3r9
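The weakness described above is that the console page can be rendered inside another site's frame. The following added example (not code from IBM or from the bulletin) classifies a response's framing policy from the standard `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` headers, for checking a console login page after applying the vendor fix. The function names and sample header sets are constructed for illustration.

```python
WILDCARDS = {"*", "http:", "https:"}  # sources that admit any parent origin


def _ancestor_lists(headers):
    """Collect the frame-ancestors source list of every CSP policy present."""
    lists = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):        # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    lists.append([p.lower() for p in parts[1:]])
                    break                      # a repeated directive in one policy is ignored
    return lists


def framing_policy(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    lists = _ancestor_lists(headers)
    if lists:
        # Browsers that enforce frame-ancestors ignore X-Frame-Options, and
        # every policy must allow the parent, so the strictest policy decides.
        if any(srcs == ["'none'"] for srcs in lists):
            return ("protected", "frame-ancestors 'none'")
        if all(WILDCARDS & set(srcs) for srcs in lists):
            return ("frameable", "frame-ancestors admits any origin")
        return ("restricted", "frame-ancestors limits parent origins")
    xfo = {v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"}
    if "DENY" in xfo:
        return ("protected", "X-Frame-Options: DENY")
    if "SAMEORIGIN" in xfo:
        return ("restricted", "X-Frame-Options: SAMEORIGIN")
    if xfo:
        # ALLOW-FROM and unknown values are not honoured by current browsers.
        return ("frameable", "X-Frame-Options value not honoured: " + ", ".join(sorted(xfo)))
    return ("frameable", "no anti-framing header")


if __name__ == "__main__":
    # Constructed header sets, not captured from any product.
    samples = {
        "no headers": [("Content-Type", "text/html")],
        "XFO sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
        "CSP none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    }
    for label, hdrs in samples.items():
        print(label, "->", framing_policy(hdrs))
```

A `frameable` verdict on the login page means a cross-origin parent can still embed it; `restricted` or `protected` means the browser will refuse to render it under an untrusted parent.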