Boletines de Vulnerabilidades

Security Bulletin: IBM Enterprise Records Non-Persistent Cross-Site Scripting Vulnerability (CVE-2013-6314) and "Clickjacking" Vulnerability (CVE-2013-6315)

Información sobre el sistema
   
Software afectado IBM

Descripción
A non-persitent Cross-Site Scripting (XSS) vulnerability and a "Clickjacking" (application running in a frame) vulnerability have been identified in the IBM Enterprise Records product CVE(s): CVE-2013-6314, and CVE-2013-6315 Affected product(s) and affected version(s): IBM InfoSphere Enterprise Records 4.5.1/IBM Enterprise Records 5.1.1. IBM Enterprise Records 5.1.2 is not affected. Refer to the following reference URLs for remediation and additional vulnerability details: Source

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_enterprise_records_non_persistent_cross_site_scripting_vulnerability_cve_2013_6314_and_clickjacking_vulnerability_cve_2013_6315?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2013-6314 ,CVE-2013-6315 ,CVE-2013-5791 ,CVE-2013-5763 ,CVE-2013-5440 ,CVE-2013-5426 and CVE-2013-6717.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-03-04

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT