Published: 2013-02-14
Updated: 2013-02-20
Affected systems:
IBM InfoSphere DataStage 8.x
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57981
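IBM InfoSphere DataStage is a core product module of the InfoSphere Information Server information integration platform. It lets you collect and integrate data from a variety of sources and transform it into data warehouses and other applications, in order to obtain trustworthy and timely information.
InfoSphere DataStage 8.5 and other versions do not properly sanitize the values passed via multiple parameters to LoggingViewAdmin.do in the Information Server Web Console. This allows arbitrary HTML and script code to be injected and then executed in the user's browser session. The affected parameters are: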
[host]/LoggingViewAdmin.do?HiddenNameWISDService
[host]/LoggingViewAdmin.do?HiddenNameWISDOperation
[host]/LoggingViewAdmin.do?HiddenNameWISDApplication
[host]/LoggingViewAdmin.do?HiddenNameUser
[host]/LoggingViewAdmin.do?HiddenNamePackage
[host]/LoggingViewAdmin.do?HiddenNameISFRequestId
[host]/LoggingViewAdmin.do?HiddenNameDSWave
[host]/LoggingViewAdmin.do?HiddenNameDSTemplate
[host]/LoggingViewAdmin.do?HiddenNameDSSeverity
[host]/LoggingViewAdmin.do?HiddenNameDSSequence
[host]/LoggingViewAdmin.do?HiddenNameDSProject
[host]/LoggingViewAdmin.do?HiddenNameDSLoginName
[host]/LoggingViewAdmin.do?HiddenNameDSJob
[host]/LoggingViewAdmin.do?HiddenNameDSInvocation
[host]/LoggingViewAdmin.do?HiddenNameDSHostName
[host]/LoggingViewAdmin.do?HiddenNameDSArguments
[host]/LoggingViewAdmin.do?HiddenNameArchive
<*Source: vendor
Link:
?uid=swg1JR45274
*>
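The following Python sketch is an added example, not part of the original advisory or IBM's code: it scans web access log lines for requests to LoggingViewAdmin.do in which one of the parameters listed above carries HTML markup after decoding. The log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names copied from the advisory's affected-parameter list.
AFFECTED = set("""
HiddenNameWISDService HiddenNameWISDOperation HiddenNameWISDApplication
HiddenNameUser HiddenNamePackage HiddenNameISFRequestId HiddenNameDSWave
HiddenNameDSTemplate HiddenNameDSSeverity HiddenNameDSSequence
HiddenNameDSProject HiddenNameDSLoginName HiddenNameDSJob
HiddenNameDSInvocation HiddenNameDSHostName HiddenNameDSArguments
HiddenNameArchive""".split())

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']")  # characters that can alter HTML structure

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return affected parameters whose decoded value contains HTML markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/LoggingViewAdmin.do"):
        return []
    return [name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in AFFECTED and MARKUP.search(fully_decode(value))]

# Constructed sample lines (combined log format); not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2013:10:00:01 +0000] "GET /LoggingViewAdmin.do?HiddenNameDSProject=dstage1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Feb/2013:10:00:07 +0000] "GET /LoggingViewAdmin.do?HiddenNameUser=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5133',
    '192.0.2.11 - - [14/Feb/2013:10:00:09 +0000] "GET /LoggingViewAdmin.do?HiddenNameDSJob=%253Cb%253E&HiddenNameArchive=false HTTP/1.1" 200 5140',
    '192.0.2.12 - - [14/Feb/2013:10:00:12 +0000] "GET /Other.do?HiddenNameUser=%3Cb%3E HTTP/1.1" 200 812',
]

def scan(lines):
    """Return (line_number, parameter_names) for every flagged request."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_params(line))]

if __name__ == "__main__":
    for line_number, names in scan(SAMPLE_LOG):
        print(f"line {line_number}: markup in {', '.join(names)}")
```

A hit is a triage lead rather than proof: a legitimate value containing a quote character will also match, and parameters sent in a POST body do not appear in access logs.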
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: