Attachmate Reflection for the Web cross site scripting vulnerability

2010-11-01T00:00:00
ID VU:889047
Type cert
Reporter CERT
Modified 2010-11-01T00:00:00

Description

Overview

Attachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability.

Description

The following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability.

* Reflection for the Web 2008 R2 builds 10.1.569 and earlier 
* Reflection for the Web 2008 R1 
* Reflection for the Web 9.6 and earlier

Additional details are available in Attachmate's Technical Note 1704.


Impact

An attacker may execute arbitrary script in the security context of the web user. The attacker would need to induce the user to voluntarily interact with the attack mechanism.


Solution

Apply an update
Attachmate recommends all users upgrade to Reflection for the Web 2008 R2 build 10.1.570 or higher.


Vendor Information

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Attachmate| | -| 01 Nov 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://support.attachmate.com/techdocs/1704.html>

Credit

Thanks to Ed Munoz of Attachmate for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: Unknown
  • Date Public: 01 Nov 2010
  • Date First Published: 01 Nov 2010
  • Date Last Updated: 01 Nov 2010
  • Severity Metric: 0.00
  • Document Revision: 12