

Fix Available: Security vulnerability in XML Access (Lotus Expeditor versions 6.1 and 6.2)

 Flash (Alert)
 
Abstract
IBM® has identified a serious vulnerability in the XmlAccess component of IBM WebSphere® Portal that makes it possible for remote attackers to bypass normal Portal server security over the network. Through this attack, an intruder might be able to execute administrative commands without proper authority. The Lotus Expeditor Network Client Installer uses the XmlAccess interface to configure product artifacts in IBM WebSphere® Portal.
 
Content
Cause
Under certain circumstances, the authentication code of IBM WebSphere® Portal can be bypassed, granting access to an administrative account without knowledge of that account's credentials.

Solution
This issue was reported to IBM Technical Support and is already addressed in IBM WebSphere® Portal.


For information on the fix introduced in the underlying IBM Lotus Portal code, read
Fix Available: Security vulnerability in XML Access (versions 6.0, 6.1), technote 1318491.
 
Related information
Fix Available: Security vulnerability in XML Access (ve
 
 
 

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.


Document information

Product categories: Software > Mobile, Speech and Enterprise Access > Mobile and Enterprise Access > Lotus Expeditor > Server

Operating system(s): AIX, Linux, Windows

Software version: 6.1.0, 6.1.1, 6.1.2, 6.2

Reference #: 1322256

IBM Group: Software Group

Modified date: 2009-01-14
