Fortinet Discovers IBM InfoSphere Data Architect Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting vulnerability in IBM InfoSphere Data Architect. IBM InfoSphere Data Architect is a collaborative data design solution. It enables users to discover, model, relate, standardize and integrate diverse and distributed data assets throughout their enterprise. It includes support for column-organized tables and can offer a better understanding of current data assets to help increase efficiency and reduce time to market.
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in InfoSphere Data Architect. This vulnerability is caused by improper validation of user-supplied input. A victim only needs to click a specially crafted URL for the injected script code to execute in their web browser within the security context of the hosting website. Attackers could exploit this vulnerability to steal victims' cookie-based authentication credentials, redirect victims to malicious websites, etc.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability: IBM.InfoSphere.Data.Architect.XSS
Released Dec 08, 2015
FortiWeb can cover this specific vulnerability with the following signatures:
Cross Site Scripting 010000000
Cross Site Scripting (Extended) 020000000