Cross-site scripting (XSS) vulnerability in Lotus Quickr 8.1 services

Technote (troubleshooting)


Problem

There is a potential cross-site scripting (XSS) vulnerability in Lotus Quickr 8.1 services for IBM WebSphere Portal.

Secunia issued an advisory on September 28, 2009, based on APAR #LO36646. The Secunia advisory can be accessed at http://secunia.com/advisories/36899/.


Resolving the problem

This issue was originally reported to Quality Engineering and was resolved in iFix #LO36646.


LO36646 is included in the cumulative Document Manager Library iFixes available on IBM Fix Central. You can use the "APAR or SPR" search feature on Fix Central to identify and download the latest fix package that includes APAR LO36646.


Security rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: <5>
---- Impact Subscore: <2.9>
---- Exploitability Subscore: <10>
CVSS Temporal Score: <3.9>
CVSS Environmental Score: <Undefined*>
Overall CVSS Score: <3.9>
Base Score Metrics:
  • Related exploit range/Attack Vector: <Network>
  • Access Complexity: <Low>
  • Authentication <None>
  • Confidentiality Impact: <Partial>
  • Integrity Impact: <None>
  • Availability Impact: <None>
Temporal Score Metrics:
  • Exploitability: <Proof of Concept Code>
  • Remediation Level: <Official Fix>
  • Report Confidence: <Confirmed>
References:

*The CVSS Environment Score is customer environment-specific and will ultimately impact the overall CVSS score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Lotus End of Support Products
Lotus Quickr for WebSphere Portal

Software version:

8.0, 8.0.0.2, 8.1, 8.1.1

Operating system(s):

AIX, Linux, Windows

Reference #:

1405163

Modified date:

2009-12-07

Translate my page

Machine Translation

Content navigation