Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.1212 IBM Intelligent Operations Center interim fix PO00211 20 December 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Intelligent Operations Center Publisher: IBM Operating System: Red Hat Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg24034020 - --------------------------BEGIN INCLUDED TEXT-------------------- IBM Intelligent Operations Center interim fix PO00211 Downloadable files Document information IBM Intelligent Operations Center Software version: 1.5 Operating system(s): Linux Red Hat - xSeries Reference #: 4034020 Modified date: 2012-12-17 Abstract Interim fix PO00211 resolves a cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0. Download Description IBM Intelligent Operations Center receives event data from various external sources, and displays the event data in various locations in the user interface. If the event data is not scanned, it is possible to inject malicious JavaScript code, which is a cross-site scripting (XSS) vulnerability. Prerequisites For prerequisites, refer to the readme document in the Fix Central download package. Installation Instructions For installation instructions, refer to the readme document in the Fix Central download package. Download package Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options What is Fix Central (FC)? Interim fix PO00211 14 Dec 2012 English 13100 FC Problems (APARS) fixed PO00211 Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUNKboe4yVqjM2NGpAQL76w/9EJMjnl9e/b0hVEqdHfOsjIjM9EuQTC7R DGHAg4WiWMG01akl1jRvC53WJsYLtyWF8Rb157WjrbbgWyMHhmt3JnOHD+XD/Z8v eSRdOnHiFiNzKAFhtGConHbmLPi2ULM6knC1kVs6Zx7DSByqCg04+YW0yEykcFqt MhoQI5O1Cv6kX69Pw56YCm6vZs+wYwM+Yn9aFpqWERxHq1Pyw7fUzcacBl7uDiDg jvVzHeFqHwk1lCiEyzTjfVbkqJCtmyaamtE0bST/7MKhlpcAN7WZgjBaZg95GfLV Toxv3MFOJGe9mHvV+a9OVeMOMh7kStHeoLwG4Z0c2I5W5JdY4hhC3Oy5bD1Q1GgD 6TEU5rqKVotlhFTGHokMdmegeENvZ7IBujcz5PLnFlZC7Ipxmfy7/Ofj9dUu6gxf KXgcKAuQkfZSPHIbGgbv5tKeN8+5RdPTlV9Zr6BoT4jeTXMKG5Eqjc2lypniOaPI M+GrMu7085yZiyRYsiR/b2Djrdf0al42JC76P8httG6kjC5sICzVjt4Brcz5ufaq jcFH74UGrG9uTwnL66jm5EU3u0bzVj8qsdaCKdhtmJbJutUKdeUTpR6dAPFDQKJl SSamFcsVPCLuxnnGVJHefzDcFjle/pU+EdNvnNAB2LUb4GAdsV8ImOO+f8YEGYtc 8I6fGTwHTxA= =RXcC -----END PGP SIGNATURE-----