Cross-Site Scripting Vulnerabilities in IBM Rational Application Developer and Rational Software Architect
CVE-2009-4052

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Application Developer For Websphere; Rational Software Architect
Vendor: CVE Published:; 23 November 2009

Summary

The JSF Widget Library Runtime in IBM Rational Application Developer and Rational Software Architect is susceptible to multiple cross-site scripting vulnerabilities. These flaws allow remote attackers to inject arbitrary web scripts or HTML through specific vectors related to the JSF Tree Control and the JavaScript Resource Servlet. Successful exploitation could lead to unauthorized actions being performed on behalf of users or exposure of sensitive information, highlighting the importance of applying appropriate security measures.

References

http://www.osvdb.org/60319

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/37442

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg27012558

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 23, 2009
Vulnerability Reserved
Nov 23, 2009