Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0087 A vulnerability has been identified in IBM Social Media Analytics 22 July 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Social Media Analytics Operating System: Linux variants Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade Member content until: Wednesday, August 21 2013 OVERVIEW A vulnerability has been identified in IBM Social Media Analytics version 1.2. [1] IMPACT The vendor has provided the following details regarding this vulnerability: "This Fix Pack provides important product corrections for Social Media Analytics 1.2 and a security fix to resolve a reflective Cross-Site Scripting (XSS) vulnerability. The vulnerability could enable attackers to inject client-side script into the IBM Social Media Analytics User Interface." [1] MITIGATION The vendor recommends that administrators apply the relevant Fix Pack. [1] REFERENCES [1] Social Media Analytics 1.2 Fix Pack 1 http://www-01.ibm.com/support/docview.wss?uid=swg24034591 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUeynMRLndAQH1ShLAQJqFRAAj1WWwvDefb/QSOMaL2MRhLWadwVy3X1v YpkRzR6Yxu5rDO0izpes05mGnAJDOsg4BsigiGceT+qKJso+uvpv19tZyRv3/3Ex zNTjR8/siSnOMoHPAfpJ6jyy/5o/WXEjHVLw57eQuvAqLnjoiS1k57Yp7Uo7nN8/ Msk8mu7PQluXHGf+uCY+2jiziuqht9OZksXHSupgWI8lnXyMjoZKHyWMaDjNs4KM 5bXTIVKY0uUQ4VxFVz1+5/CkY3WTIUxf7pERolD4Iu8eCre9pT2KfzAMu7z0PAWJ uuFKFyLSE7eSZ6a5G1Bq2+4B3xdDG5n4RuQUqPqkBLSeo6vY0fSvTWhE1JOI5nTf Xm4jzJJYI9PtK15qK9G3GX6Xp7NErE6AnOoIpoSmeYdWCV3qc+qvwS5iHjFnbGpK Nt3+JPblHNbSIrUaEvCtE8IbxQ24qASnsAX4cjg57d5OqzSC88jkBZ4eFnu0VFom wP5BW/QA4hFkcWJqbYyXRNEpcOtFTmUX+8aGYGECS5HirIl3zxBTcr+9TfdypOCz FhJxHaLguu+ZkksKzC3qTbosqSROpDGyNPlXYU2mIhtkh76WiNE5Erj1jyu3KHZr gZhuMxecrNGff+TiQ19ZRMLgU/ZUYox1X7wWW9zRV5+b9Bax797eV5aE0sQwBytj 8hBGl4vf47k= =KA6s -----END PGP SIGNATURE-----