Australia's Leading Computer Emergency Response Team

ESB-2012.1212 - [RedHat] IBM Intelligent Operations Center: Cross-site scripting - Remote with user interaction
Date: 20 December 2012
Original URL: http://www.auscert.org.au/render.html?cid=1980&it=16746

Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1212
           IBM Intelligent Operations Center interim fix PO00211
                             20 December 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Intelligent Operations Center
Publisher:         IBM
Operating System:  Red Hat
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg24034020

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Intelligent Operations Center interim fix PO00211

Downloadable files

Document information

IBM Intelligent Operations Center

Software version:
1.5

Operating system(s):
Linux Red Hat - xSeries

Reference #:
4034020

Modified date:
2012-12-17

Abstract

Interim fix PO00211 resolves a cross-site scripting (XSS) vulnerability in IBM 
Intelligent Operations Center 1.5.0.

Download Description

IBM Intelligent Operations Center receives event data from various external 
sources, and displays the event data in various locations in the user 
interface. If the event data is not scanned, it is possible to inject 
malicious JavaScript code, which is a cross-site scripting (XSS) 
vulnerability.

Prerequisites

For prerequisites, refer to the readme document in the Fix Central download 
package.

Installation Instructions

For installation instructions, refer to the readme document in the Fix Central 
download package.

Download package

Download 		RELEASE DATE 	LANGUAGE 	SIZE(Bytes) 	Download Options
									What is Fix Central (FC)?
Interim fix PO00211	14 Dec 2012	English		13100		FC

Problems (APARS) fixed
PO00211

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business 
Machines Corp., registered in many jurisdictions worldwide. Other product and 
service names might be trademarks of IBM or other companies. A current list of 
IBM trademarks is available on the Web at "Copyright and trademark information" 
at www.ibm.com/legal/copytrade.shtml.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUNKboe4yVqjM2NGpAQL76w/9EJMjnl9e/b0hVEqdHfOsjIjM9EuQTC7R
DGHAg4WiWMG01akl1jRvC53WJsYLtyWF8Rb157WjrbbgWyMHhmt3JnOHD+XD/Z8v
eSRdOnHiFiNzKAFhtGConHbmLPi2ULM6knC1kVs6Zx7DSByqCg04+YW0yEykcFqt
MhoQI5O1Cv6kX69Pw56YCm6vZs+wYwM+Yn9aFpqWERxHq1Pyw7fUzcacBl7uDiDg
jvVzHeFqHwk1lCiEyzTjfVbkqJCtmyaamtE0bST/7MKhlpcAN7WZgjBaZg95GfLV
Toxv3MFOJGe9mHvV+a9OVeMOMh7kStHeoLwG4Z0c2I5W5JdY4hhC3Oy5bD1Q1GgD
6TEU5rqKVotlhFTGHokMdmegeENvZ7IBujcz5PLnFlZC7Ipxmfy7/Ofj9dUu6gxf
KXgcKAuQkfZSPHIbGgbv5tKeN8+5RdPTlV9Zr6BoT4jeTXMKG5Eqjc2lypniOaPI
M+GrMu7085yZiyRYsiR/b2Djrdf0al42JC76P8httG6kjC5sICzVjt4Brcz5ufaq
jcFH74UGrG9uTwnL66jm5EU3u0bzVj8qsdaCKdhtmJbJutUKdeUTpR6dAPFDQKJl
SSamFcsVPCLuxnnGVJHefzDcFjle/pU+EdNvnNAB2LUb4GAdsV8ImOO+f8YEGYtc
8I6fGTwHTxA=
=RXcC
-----END PGP SIGNATURE-----