Potential Cross Site Scripting (XSS) vulnerability in IBM Lotus Sametime Server
Category None
This one came across the wires this morning:
IBM Lotus Sametime Meeting Processing Cross Site Scripting Vulnerability
It does concern me that at the moment customers have to call IBM support to get the hotfix. I would have thought vulnerability fixes should have been more easily available.
This one came across the wires this morning:
IBM Lotus Sametime Meeting Processing Cross Site Scripting Vulnerability
In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability.
This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.
It does concern me that at the moment customers have to call IBM support to get the hotfix. I would have thought vulnerability fixes should have been more easily available.
Comments
Tnx for the tip, btw
Posted by Gerco Wolfswinkel At 11:40:29 AM On 08/01/2007 | - Website - |