Security Bulletin
Summary
Vulnerability in Eclipse Help System (CVE-2013-0464) and potential security exposure with IBM WebSphere Application Server after installing PM44303 (CVE-2012-3325).
Vulnerability Details
CVE ID: CVE-2013-0464
Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
Problem Description
IBM Eclipse Help System, as used in multiple IBM products, is vulnerable to cross-site scripting. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site once the victim clicks the URL. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
**************************************************************************************************************************
Potential security exposure with IBM WebSphere Application Server after installing PM44303 (CVE-2012-3325)
Abstract
After installing an Interim Fix for PM44303 or a Fix Pack containing PM44303, there is a potential security exposure with IBM WebSphere Application Server.
Content
CVE ID: CVE-2012-3325 (PM71296)
Problem Description:
If you have installed an Interim Fix for PM44303 or a Fix Pack listed above, you have the potential for an authenticated user to bypass security restrictions, caused by an error when validating user credentials. This could allow a user to gain unauthorized administrative access to an application and potentially gain access to confidential and critical customer data.
Remediation/Fixes
For CVE-2012-3325, review "Potential security exposure with IBM WebSphere Application Server after installing PM44303" for the solution.
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Security Bulletin: Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467) - http://www.ibm.com/support/docview.wss?uid=swg21637954
IBM Divested moved to UNICOM company. The issue is due to Eclipse, hence updating.
Document Information
Modified date:
17 June 2018
UID
swg21646737