IBM Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the authorization function exposed by the RESTful Web API of the IBM Worklight Framework. The vulnerable parameter is "scope": if it is set to a realm that is not defined in authenticationConfig.xml, the server returns an HTTP 403 Forbidden response and reflects the supplied value in the body of that response.
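To make the defensive point concrete, the following is an added Python example, not IBM's code: a mock of the realm check that shows the unsafe reflection beside its HTML-encoded form, plus a scan over constructed access-log lines that flags 403 responses whose scope parameter carried markup. The endpoint path, realm names and log format are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical realm set standing in for authenticationConfig.xml (constructed).
CONFIGURED_REALMS = {"wl_anonymousUserRealm", "wl_deviceNoProvisioningRealm"}


def forbidden_body_unsafe(scope):
    """Vulnerable pattern: the caller-controlled scope is echoed verbatim into the 403 body."""
    return f"<html><body>Forbidden: unknown realm in scope '{scope}'</body></html>"


def forbidden_body_safe(scope):
    """Hardened form: HTML-encode the value (including quotes) before reflecting it."""
    return f"<html><body>Forbidden: unknown realm in scope '{html.escape(scope, quote=True)}'</body></html>"


def authorize(scope):
    """Mock of the authorization endpoint's realm check; returns (status, body)."""
    unknown = [realm for realm in scope.split() if realm not in CONFIGURED_REALMS]
    if unknown:
        return 403, forbidden_body_safe(scope)
    return 200, "<html><body>OK</body></html>"


# Constructed combined-format access-log lines; the path /authorization is assumed.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2017:10:00:00 +0000] "GET /authorization?scope=wl_anonymousUserRealm HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2017:10:00:01 +0000] "GET /authorization?scope=typoRealm HTTP/1.1" 403 198',
    '10.0.0.9 - - [01/Jan/2017:10:00:02 +0000] "GET /authorization?scope=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 403 210',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Characters and fragments that have no place in a realm name but do in injected markup.
MARKUP_RE = re.compile(r"[<>\"']|javascript:|on\w+\s*=", re.IGNORECASE)


def flag_suspicious(log_lines):
    """Return decoded scope values from 403 responses that contain markup metacharacters."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, status = match.group(1), int(match.group(2))
        for scope in parse_qs(urlsplit(path).query).get("scope", []):
            # A 403 for an unknown realm is normal noise; markup inside it is the signal.
            if status == 403 and MARKUP_RE.search(scope):
                hits.append(scope)
    return hits
```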

CVE(s):

Affected product(s) and affected version(s):

IBM MobileFirst Platform Foundation 8.0.0.0
IBM MobileFirst Platform Foundation 7.1.0.0
IBM MobileFirst Platform Foundation 7.0.0.0
IBM MobileFirst Platform Foundation 6.3.0.0
IBM Worklight Enterprise Edition 6.2.0.1
IBM Worklight Enterprise Edition 6.1.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gQgAnU
X-Force Database:

The post IBM Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2ui1jiw