Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:IBM:TIV-SCHEDULEPARAM-XSS |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
IBM Tivoli Endpoint Manager Web Reports ScheduleParam Cross Site Scripting |
Release Date |
2012/04/03 |
Update Number |
2110 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: IBM Tivoli Endpoint Manager Web Reports ScheduleParam Cross Site Scripting
This signature detects attempts to exploit a known cross site scripting vulnerability in IBM Tivoli Endpoint Manager. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.
Affected Products
- Ibm tivoli_endpoint_manager 8.0
- Ibm tivoli_endpoint_manager 8.1
- Ibm tivoli_endpoint_manager 8.2
References
- CVE: CVE-2012-0719