IBM Sterling Order Management is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts. If you are using Version 8.5 or 9.0, please apply this security fix as soon as possible. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
For more details, please go to the technote for more details: http://www-01.ibm.com/support/docview.wss?uid=swg21670912