IBM Security Bulletin: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x (CVE-2016-5892)

IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2016-5892

Affected product(s) and affected version(s):

IBM Multi-Enterprise Integration Gateway 1.0 – 1.0.0.1

IBM B2B Advanced Communications 1.0.0.2 – 1.0.0.5_1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2dR5OeM
X-Force Database: http://ift.tt/2dmYpAV



from IBM Product Security Incident Response Team http://ift.tt/2dR4KY4