IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
BID:57981
Info
IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
| Bugtraq ID: | 57981 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2013 12:00AM |
| Updated: | Feb 14 2013 12:00AM |
| Credit: | Reported by the vendor |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
IBM InfoSphere DataStage is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.
InfoSphere DataStage 8.5 is vulnerable; other versions may also be affected.
IBM InfoSphere DataStage is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.
InfoSphere DataStage 8.5 is vulnerable; other versions may also be affected.
Exploit / POC
IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
References:
References: