Author Topic: SECURITY BULLETIN: IBM Content Navigator  (Read 1282 times)

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
  • *****
  • Posts: 1662
  • CMOD Guru for hire...
    • View Profile
    • Tenacious Consulting
SECURITY BULLETIN: IBM Content Navigator
« on: April 02, 2015, 05:32:08 AM »
There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input
http://www-01.ibm.com/support/docview.wss?uid=swg21700205

Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21696244

Here's the FixPack announcement:
http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html


Stay safe!

-JD.
#Install, #Educate, #Repair, #Upgrade, #Migrate, #Enhance, #Optimize.

IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SA #Performance #Security #Audits #Customizing #Availability #HA #DR #Training