Security Bulletin: Open redirect and cross-site scripting vulnerabilities in the InfoSphere Streams help system (CVE-2012-2159, CVE-2012-2161)

Abstract Open redirect vulnerability in IBM Eclipse Help System IEHS, as used in IBM InfoSphere Streams Information Center 2.0.0.3 or 2.0.0.4 and InfoSphere Streams Studio 2.0 or later, allows potential redirection of users to arbitrary web sites. Cross-site scripting vulnerability in IBM Eclipse...

Security Bulletin: Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)

Abstract The version of IBM Eclipse Help System that is shipped with IBM SPSS Data Collection versions 6.0, 6.0.1 "Data Collection" and 7.0 has multiple security vulnerabilities. These vulnerabilities allow attackers to perform cross-site scripting and source code disclosure attacks. Content...

CVE-2014-0918

CVE-2014-0918 is a directory traversal vulnerability in the IBM Eclipse Help System (IEHS) used by IBM WebSphere Portal. Affected versions include WebSphere Portal 6.1.0–6.1.0.6 CF27, 6.1.5–6.1.5.3 CF27, 7.0–7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06. A crafted URL could cause reading arbitrary fi...

CVE-2013-5449

CVE-2013-5449 is an XSS vulnerability in the IBM Eclipse Help System (IEHS) used by IBM FileNet Content Manager InfoCenter. The issue affects IEHS in the installable InfoCenter components of multiple IBM FileNet/Content Manager versions and is triggered via crafted URLs to execute script in a use...

CVE-2013-0464

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2013-0599

The CVE-2013-0599 issue centers on the IBM Eclipse Help System (IEHS) used across IBM products (e.g., Data Studio, OmniFind/Content Analytics, WebSphere-related offerings). A remote attacker can obtain sensitive information by requesting a crafted parameter path or URL, which can trigger error me...

CVE-2013-0467

IBM Eclipse Help System IEHS, as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL...

CVE-2013-0467

CVE-2013-0467 concerns a vulnerability in the IBM Eclipse Help System (IEHS) that is shipped with multiple IBM products (notably IBM WebSphere Application Server, IBM InfoSphere Information Server, SPSS Data Collection, Content Analytics/OmniFind, Content Collector, and related IEHS-integrated co...

CVE-2012-2161

CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...

CVE-2012-2159

CVE-2012-2159 is an open-redirect vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, Streams, DB2/QMF, WebSphere-related tooling). The issue arises from IEHS scripts that can redirect trusted users to untrusted sites, enabling phishing v...