Security Bulletin: Open redirect and cross-site scripting vulnerabilities in RPE help system (CVE-2012-2159, CVE-2012-2161)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtrational
0 Comments | 920 Visits
IBM Rational Publishing Engine (RPE) version 18.104.22.168 (and older) include Eclipse components that provide functionality to display the help. This component is vulnerable to cross-site scripting or to open redirect attacks. The risk is low since an attacker would need access to desktop applications to input a malicious URL.
CVE(s): CVE-2012-2159 and CVE-2012-2161
Affected product(s) and Version(s):
Version 22.214.171.124 and earlier of IBM Rational Publishing Engine running on Microsoft Windows or Linux operating systems are affected.
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21619410
X-Force Database: http://xforce.iss.net/xforce/xfdb/74832
X-Force Database: http://xforce.iss.net/xforce/xfdb/74833