IBM Support

Multiple reflected Cross Site Scripting (XSS) security vulnerabilities in InfoSphere Guardium (CVE-2012-3341)

Flashes (Alerts)


Abstract

Multiple vulnerabilities in several files allow remote attackers to inject arbitrary web script or HTML.

Content

VULNERABILITY DETAILS:
CVE ID: CVE-2012-3341

DESCRIPTION:
Cross-site scripting issues: more XSS filters are needed. The fix also adds two new CLI commands.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78294 for the current score
CVSS Environmental Score*: Undefined

AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier

REMEDIATION:
Apply the patch for password disclosure which is available within the latest GPU for all versions.

As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.
 
These CLI commands are then available:

Store command

Use this CLI command to enable or disable the Cross-Site Scripting (XSS) status. This option is enabled by default on upgraded systems.

Syntax


store gui xss_status [ on | off ]



Show command

show gui xss_status



REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312

RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog


Document Information

Modified date:
25 September 2022

UID

swg21611131