Vigil@nce - WebSphere Application Server ND: Cross Site Scripting via High Availability Deployment Manager
October 2020 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/computer-vulnerability
SYNTHESIS OF THE VULNERABILITY
Impacted products: Rational ClearCase, WebSphere AS Traditional.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 27/08/2020.
DESCRIPTION OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting via High
Availability Deployment Manager of WebSphere Application Server
ND, in order to run JavaScript code in the context of the web site.
ACCESS TO THE FULL VIGIL@NCE BULLETIN